fix bailout if there is no TXT entry

2026-05-10 16:04:37 +00:00 · 2024-03-04 20:01:33 +01:00
173 changed files with 2486 additions and 10148 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,33 +0,0 @@
 ---
 name: Bug report
 about: Report something that isn't working.
 title: ''
 assignees: ''
 ---
 <!--
 Please fill out as much of this form as you can (leaving out stuff that is not applicable is ok).
 -->
 - Server OS (Operating System) - preferably Debian 12: 
 - On which OS you run cmdeploy:
 - chatmail/relay version: `git rev-parse HEAD`
 ## Expected behavior
 *What did you try to achieve?*
 ## Actual behavior
 *What happened instead?*
 ### Steps to reproduce the problem:
 1. 
 2.
 ### Screenshots
 ### Logs
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1 +0,0 @@
 blank_issues_enabled: true
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,35 +1,16 @@
-name: Run unit-tests and container-based deploy+test verification
+name: CI
 on:
  # Triggers when a PR is merged into main or a direct push occurs
  push:
    branches: [ "main" ]
  # Triggers for any PR (and its subsequent commits) targeting the main branch
  pull_request:
-    branches: [ "main" ]
+  push:
 permissions: {}
 # Newest push wins: Prevents multiple runs from clashing and wasting runner efforts
 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true
 jobs:
  tox:
    name: isolated chatmaild tests
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
-        # Checkout pull request HEAD commit instead of merge commit
+
        # Otherwise `test_deployed_state` will be unhappy.
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          persist-credentials: false
      - name: download filtermail
        run: curl -L https://github.com/chatmail/filtermail/releases/download/v0.6.4/filtermail-x86_64 -o /usr/local/bin/filtermail && chmod +x /usr/local/bin/filtermail
      - name: run chatmaild tests 
        working-directory: chatmaild
        run: pipx run tox
@@ -38,10 +19,7 @@ jobs:
    name: deploy-chatmail tests 
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          persist-credentials: false
      - name: initenv 
        run: scripts/initenv.sh
@@ -55,24 +33,5 @@ jobs:
      - name: run deploy-chatmail offline tests 
        run: pytest --pyargs cmdeploy 
-  lxc-test:
+      # all other cmdeploy commands require a staging server 
-    name: LXC deploy and test
+      # see https://github.com/deltachat/chatmail/issues/100
    uses: chatmail/cmlxc/.github/workflows/lxc-test.yml@v0.13.5
    with:
      cmlxc_version: v0.13.5
      cmlxc_commands: |
        cmlxc init 
        # single cmdeploy relay test
        cmlxc -v deploy-cmdeploy --source ./repo cm0
        cmlxc -v test-mini cm0
        cmlxc -v test-cmdeploy cm0
        # cross cmdeploy relay test
        cmlxc -v deploy-cmdeploy --source ./repo --ipv4-only cm1
        cmlxc -v test-cmdeploy cm0 cm1
        # cross cmdeploy/madmail relay tests
        cmlxc -v deploy-madmail mad0
        cmlxc -v test-cmdeploy cm0 mad0
        cmlxc -v test-mini cm0 mad0
        cmlxc -v test-mini mad0 cm0
--- a/.github/workflows/docker-dispatch.yaml
+++ b/.github/workflows/docker-dispatch.yaml
@@ -1,37 +0,0 @@
 # Notify the docker repo to build and test a new image after relay CI passes.
 #
 # Sends a repository_dispatch event to chatmail/docker with the relay ref
 # and short SHA, which triggers docker-ci.yaml to build, push to GHCR,
 # and run integration tests via cmlxc.
 name: Trigger Docker build
 on:
  push:
    branches: [main]
  workflow_dispatch:
 permissions: {}
 jobs:
  dispatch:
    name: Dispatch build to chatmail/docker
    runs-on: ubuntu-latest
    if: github.repository == 'chatmail/relay'
    steps:
      - name: Compute short SHA
        id: sha
        run: echo "short=$(echo '${{ github.sha }}' | cut -c1-7)" >> "$GITHUB_OUTPUT"
      - name: Send repository_dispatch
        uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3
        with:
          token: ${{ secrets.CHATMAIL_DOCKER_DISPATCH_TOKEN }}
          repository: chatmail/docker
          event-type: relay-updated
          client-payload: >-
            {
              "relay_ref": "${{ github.ref_name }}",
              "relay_sha": "${{ github.sha }}",
              "relay_sha_short": "${{ steps.sha.outputs.short }}"
            }
--- a/.github/workflows/docs-preview.yaml
+++ b/.github/workflows/docs-preview.yaml
@@ -1,61 +0,0 @@
 name: documentation preview
 on:
  pull_request:
    paths:
      - 'doc/**'
      - 'scripts/build-docs.sh'
      - '.github/workflows/docs-preview.yaml'
 permissions: {}
 jobs:
  scripts:
    name: build 
    runs-on: ubuntu-latest
    environment:
      name: 'staging.chatmail.at/doc/relay/'
      url: https://staging.chatmail.at/doc/relay/${{ steps.prepare.outputs.prid }}
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: initenv 
        run: scripts/initenv.sh
      - name: append venv/bin to PATH
        run: echo `pwd`/venv/bin >>$GITHUB_PATH
      - name: build documentation 
        working-directory: doc
        run: sphinx-build source build
      - name: build documentation second time (for TOC)
        working-directory: doc
        run: sphinx-build source build
      - name: Get Pullrequest ID
        id: prepare
        run: |
          export PULLREQUEST_ID=$(echo "${GITHUB_REF}" | cut -d "/" -f3)
          echo "prid=$PULLREQUEST_ID" >> $GITHUB_OUTPUT
          if [ $(expr length "${{ secrets.USERNAME }}") -gt "1" ]; then echo "uploadtoserver=true" >> $GITHUB_OUTPUT; fi
      - run: |
          echo "baseurl: /${STEPS_PREPARE_OUTPUTS_PRID}" >> _config.yml
        env:
          STEPS_PREPARE_OUTPUTS_PRID: ${{ steps.prepare.outputs.prid }}
      - name: Upload preview
        run: |
          mkdir -p "$HOME/.ssh"
          echo "${{ secrets.CHATMAIL_STAGING_SSHKEY }}" > "$HOME/.ssh/key"
          chmod 600 "$HOME/.ssh/key"
          rsync -rILvh -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/doc/build/ "${{ secrets.USERNAME }}@chatmail.at:/var/www/html/staging.chatmail.at/doc/relay/${STEPS_PREPARE_OUTPUTS_PRID}/"
        env:
          STEPS_PREPARE_OUTPUTS_PRID: ${{ steps.prepare.outputs.prid }}
      - name: check links 
        working-directory: doc
        run: sphinx-build --builder linkcheck source build
--- a/.github/workflows/docs.yaml
+++ b/.github/workflows/docs.yaml
@@ -1,51 +0,0 @@
 name: build and upload documentation
 on:
  push:
    branches:
      - main
      - 'missytake/docs-ci'
    paths:
      - 'doc/**'
      - 'scripts/build-docs.sh'
      - '.github/workflows/docs.yaml'
 permissions: {}
 jobs:
  scripts:
    name: build 
    runs-on: ubuntu-latest
    environment: 
      name: 'chatmail.at/doc/relay/'
      url: https://chatmail.at/doc/relay/
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: initenv 
        run: scripts/initenv.sh
      - name: append venv/bin to PATH
        run: echo `pwd`/venv/bin >>$GITHUB_PATH
      - name: build documentation 
        working-directory: doc
        run: sphinx-build source build
      - name: build documentation second time (for TOC)
        working-directory: doc
        run: sphinx-build source build
      - name: check links 
        working-directory: doc
        run: sphinx-build --builder linkcheck source build
      - name: upload documentation
        run: |
          mkdir -p "$HOME/.ssh"
          echo "${{ secrets.CHATMAIL_STAGING_SSHKEY }}" > "$HOME/.ssh/key"
          chmod 600 "$HOME/.ssh/key"
          rsync -rILvh -e "ssh -i $HOME/.ssh/key -o StrictHostKeyChecking=no" $GITHUB_WORKSPACE/doc/build/ "${{ secrets.USERNAME }}@chatmail.at:/var/www/html/chatmail.at/doc/relay/"
--- a/.github/workflows/staging-ipv4.testrun.org-default.zone
+++ b/.github/workflows/staging-ipv4.testrun.org-default.zone
@@ -1,20 +0,0 @@
 ;; Zone file for staging-ipv4.testrun.org
 $ORIGIN staging-ipv4.testrun.org.
 $TTL 300
@  IN  SOA     ns.testrun.org. root.nine.testrun.org (
  2023010101 ; Serial
  7200       ; Refresh
  3600       ; Retry
  1209600    ; Expire
  3600       ; Negative response caching TTL
 )
 ;; Nameservers.
@  IN NS ns.testrun.org.
 ;; DNS records.
@       IN      A       37.27.95.249
 mta-sts.staging-ipv4.testrun.org.    CNAME   staging-ipv4.testrun.org.
 www.staging-ipv4.testrun.org.        CNAME   staging-ipv4.testrun.org.
--- a/.github/workflows/staging.testrun.org-default.zone
+++ b/.github/workflows/staging.testrun.org-default.zone
@@ -1,6 +1,6 @@
-;; Zone file for staging2.testrun.org
+;; Zone file for staging.testrun.org
-$ORIGIN staging2.testrun.org.
+$ORIGIN staging.testrun.org.
 $TTL 300
@  IN  SOA     ns.testrun.org. root.nine.testrun.org (
@@ -15,7 +15,6 @@ $TTL 300
@  IN NS ns.testrun.org.
 ;; DNS records.
-@       IN      A       37.27.24.139
+@       IN      A       37.27.37.98
-mta-sts.staging2.testrun.org.    CNAME   staging2.testrun.org.
+mta-sts.staging.testrun.org.    CNAME   staging.testrun.org.
-www.staging2.testrun.org.        CNAME   staging2.testrun.org.
+www.staging.testrun.org.        CNAME   staging.testrun.org.
--- a/.github/workflows/test-and-deploy.yaml
+++ b/.github/workflows/test-and-deploy.yaml
@@ -0,0 +1,72 @@
 name: deploy on staging.testrun.org, and run tests
 on:
  push:
    branches:
      - main
      - staging-ci
 jobs:
  deploy:
    name: deploy on staging.testrun.org, and run tests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: prepare SSH
        run: |
          mkdir ~/.ssh
          echo "${{ secrets.STAGING_SSH_KEY }}" >> ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          ssh-keyscan staging.testrun.org > ~/.ssh/known_hosts
     #    rsync -avz root@staging.testrun.org:/var/lib/acme . || true
     #    rsync -avz root@staging.testrun.org:/var/lib/rspamd/dkim . || true
     #- name: rebuild staging.testrun.org to have a clean VPS
     #  run: |
     #      curl -X POST \
     #      -H "Authorization: Bearer ${{ secrets.HETZNER_API_TOKEN }}" \
     #      -H "Content-Type: application/json" \
     #      -d '{"image":"debian-12"}' \
     #      "https://api.hetzner.cloud/v1/servers/${{ secrets.STAGING_SERVER_ID }}/actions/rebuild"
      - run: scripts/initenv.sh
      - name: append venv/bin to PATH
        run: echo venv/bin >>$GITHUB_PATH
      - name: run formatting checks 
        run: cmdeploy fmt -v 
      - name: run deploy-chatmail offline tests 
        run: pytest --pyargs cmdeploy 
     #- name: upload TLS cert after rebuilding
     #  run: |
     #    echo " --- wait until staging.testrun.org VPS is rebuilt --- "
     #    rm ~/.ssh/known_hosts
     #    while ! ssh -o ConnectTimeout=180 -o StrictHostKeyChecking=accept-new -v root@staging.testrun.org id -u ; do sleep 1 ; done
     #    ssh -o StrictHostKeyChecking=accept-new -v root@staging.testrun.org id -u
     #    rsync -avz acme root@staging.testrun.org:/var/lib/ || true
     #    rsync -avz dkim root@staging.testrun.org:/var/lib/rspamd/ || true
      - run: cmdeploy init staging.testrun.org
      - run: cmdeploy run
      - name: set DNS entries
        run: |
          #ssh -o StrictHostKeyChecking=accept-new -v root@staging.testrun.org chown _rspamd:_rspamd -R /var/lib/rspamd/dkim
          cmdeploy dns --zonefile staging-generated.zone
          cat staging-generated.zone >> .github/workflows/staging.testrun.org-default.zone
          cat .github/workflows/staging.testrun.org-default.zone
          scp -o StrictHostKeyChecking=accept-new .github/workflows/staging.testrun.org-default.zone root@ns.testrun.org:/etc/nsd/staging.testrun.org.zone
          ssh root@ns.testrun.org nsd-checkzone staging.testrun.org /etc/nsd/staging.testrun.org.zone
          ssh root@ns.testrun.org systemctl reload nsd
      - name: cmdeploy test
        run: CHATMAIL_DOMAIN2=nine.testrun.org cmdeploy test --slow
      - name: cmdeploy dns (try 3 times)
        run: cmdeploy dns || cmdeploy dns || cmdeploy dns
--- a/.github/workflows/zizmor-scan.yml
+++ b/.github/workflows/zizmor-scan.yml
@@ -1,26 +0,0 @@
 name: GitHub Actions Security Analysis with zizmor
 on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["**"]
 permissions: {}
 jobs:
  zizmor:
    name: Run zizmor
    runs-on: ubuntu-latest
    permissions:
      security-events: write # Required for upload-sarif (used by zizmor-action) to upload SARIF files.
      contents: read
      actions: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          persist-credentials: false
      - name: Run zizmor
        uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
--- a/.github/zizmor.yml
+++ b/.github/zizmor.yml
@@ -1,7 +0,0 @@
 rules:
  unpinned-uses:
    config:
      policies:
        actions/*: ref-pin
        dependabot/*: ref-pin
        chatmail/*: ref-pin
--- a/.gitignore
+++ b/.gitignore
@@ -4,7 +4,7 @@ __pycache__/
 *$py.class
 *.swp
 *qr-*.png
-chatmail*.ini
+chatmail.ini
 # C extensions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,603 +0,0 @@
 # Changelog for chatmail deployment 
 ## 1.10.0 2026-04-30
 * start mtail after networking is fully up <https://github.com/chatmail/relay/pull/942>
 * support specifying custom filtermail binary through environment variable <https://github.com/chatmail/relay/pull/941>
 * add automated zizmor scanning of github workflows <https://github.com/chatmail/relay/pull/938>
 * added dispatch for *automated builds of chatmail relay docker images* <https://github.com/chatmail/relay/pull/934>
 * do not bind SMTP client sockets to public addresses <https://github.com/chatmail/relay/pull/932>
 * underline in docs that scripts/initenv.sh should be used for building the docs <https://github.com/chatmail/relay/pull/933>
 * automatic oldest-first message removal from mailboxes to always stay under max_mailbox_size <https://github.com/chatmail/relay/pull/929>
 * remove --slow from cmdeploy test <https://github.com/chatmail/relay/pull/931>
 * handle missing inotify sysctl keys in containers <https://github.com/chatmail/relay/pull/930>
 * replace resolvconf with static resolv.conf <https://github.com/chatmail/relay/pull/928>
 * disable fsync for LMTP and IMAP services <https://github.com/chatmail/relay/pull/925>
 * re-use cmlxc workflow, replacing CI with hetzner staging servers with local lxc containers <https://github.com/chatmail/relay/pull/917>
 * explicitly install resolvconf <https://github.com/chatmail/relay/pull/924>
 * detect stale dovecot binary and force restart in activate() <https://github.com/chatmail/relay/pull/922>
 * Rename filtermail_http_port to filtermail_http_port_incoming <https://github.com/chatmail/relay/pull/921>
 * consolidated is_in_container() check https://github.com/chatmail/relay/pull/920>
 * restart dovecot after package replacement (rebase, test condense) <https://github.com/chatmail/relay/pull/913>
 * Set permissions on dovecot pin prefs <https://github.com/chatmail/relay/pull/915>
 * Route `/mxdeliv/` to configurable port <https://github.com/chatmail/relay/pull/901>
 * fix VM detection, automated testing fixes, use newer chatmail-turn and move to standard BIND DNS zone format <https://github.com/chatmail/relay/pull/912>
 * Upgrade to filtermail 0.6.1 <https://github.com/chatmail/relay/pull/910>
 * pin dovecot packages to prevent apt upgrades <https://github.com/chatmail/relay/pull/908>
 * add rpc server to cmdeploy along with client <https://github.com/chatmail/relay/pull/906>
 * remove unused deps from chatmaild <https://github.com/chatmail/relay/pull/905>
 * set default smtp_tls_security_level to "verify" unconditionally <https://github.com/chatmail/relay/pull/902>
 * featprefer IPv4 in SMTP client <https://github.com/chatmail/relay/pull/900>
 * Install dovecot .deb packages atomically <https://github.com/chatmail/relay/pull/899>
 * stop installing cron package <https://github.com/chatmail/relay/pull/898>
 * Rewrite dovecot install logic, update <https://github.com/chatmail/relay/pull/862>
 * fix a test and some linting fixes <https://github.com/chatmail/relay/pull/897>
 * Disable IP verification on domain-literal addresses <https://github.com/chatmail/relay/pull/895>
 * disable installing recommended packages globally on the relay <https://github.com/chatmail/relay/pull/887>
 * multiple bug fixes across chatmaild and cmdeploy <https://github.com/chatmail/relay/pull/883>
 * remove /metrics from the website <https://github.com/chatmail/relay/pull/703>
 * add Prometheus textfile output to fsreport <https://github.com/chatmail/relay/pull/881>
 * chown opendkim: private key <https://github.com/chatmail/relay/pull/879>
 * make sure chatmail-metadata was started <https://github.com/chatmail/relay/pull/882>
 * dovecot update url <https://github.com/chatmail/relay/pull/880>
 * upgrade to filtermail v0.5.2 <https://github.com/chatmail/relay/pull/876>
 * download dovecot packages from github release <https://github.com/chatmail/relay/pull/875>
 * replace DKIM verification with filtermail v0.5 <https://github.com/chatmail/relay/pull/831>
 * remove CFFI deltachat bindings usage, and consolidate test support with rpc-bindings <https://github.com/chatmail/relay/pull/872>
 * prepare chatmaild/cmdeploy changes for Docker support <https://github.com/chatmail/relay/pull/857>
 * stabilize online benchmark timing adding rate-limit-aware cooldown between iterations <https://github.com/chatmail/relay/pull/867>
 * move rate-limit cooldown to benchmark fixture <https://github.com/chatmail/relay/pull/868>
 * reconfigure acmetool from redirector to proxy mode <https://github.com/chatmail/relay/pull/861>
 * make tests work with `--ssh-host localhost` <https://github.com/chatmail/relay/pull/856>
 * mark f-string with f prefix in test_expunged <https://github.com/chatmail/relay/pull/863>
 * install also if dovecot.service=False in SystemdEnabled Fact <https://github.com/chatmail/relay/pull/841>
 * Introduce support for self-signed chatmail relays <https://github.com/chatmail/relay/pull/855>
 * Strip Received headers before delivery <https://github.com/chatmail/relay/pull/849>
 * upgrade to filtermail v0.3 <https://github.com/chatmail/relay/pull/850>
 * fix link to Maddy and update madmail URL <https://github.com/chatmail/relay/pull/847>
 * accept self-signed certificates for IP-only relays <https://github.com/chatmail/relay/pull/846>
 * enforce sending from public IP addresses <https://github.com/chatmail/relay/pull/845>
 * port check: check addresses, fix single services <https://github.com/chatmail/relay/pull/844>
 * remediates issue with improper concat on resolver injection <https://github.com/chatmail/relay/pull/834>
 * ipv6 boolean not being respected during operations <https://github.com/chatmail/relay/pull/832>
 * upgrade to filtermail v0.2 by <https://github.com/chatmail/relay/pull/825>
 * fix link to filtermail <https://github.com/chatmail/relay/pull/824>
 * print timestamps when sending messages <https://github.com/chatmail/relay/pull/823>
 * fix flaky test_exceed_rate_limit <https://github.com/chatmail/relay/pull/822>
 * Replace filtermail with rust reimplementation <https://github.com/chatmail/relay/pull/808>
 * Set default internal SMTP ports in Config <https://github.com/chatmail/relay/pull/819>
 * separate metrics for incoming and outgoing messages <https://github.com/chatmail/relay/pull/820>
 * disable appending the Received header <https://github.com/chatmail/relay/pull/815>
 * fail on errors in postfix/dovecot config <https://github.com/chatmail/relay/pull/813>
 * tweak idle/hibernate metrics some more <https://github.com/chatmail/relay/pull/811>
 * add config flag to export statistics <https://github.com/chatmail/relay/pull/806>
 * add --website-only option to run subcommand <https://github.com/chatmail/relay/pull/768>
 * Strip DKIM-Signature header before LMTP <https://github.com/chatmail/relay/pull/803>
 * properly make sure that postfix gets restarted on failure <https://github.com/chatmail/relay/pull/802>
 * expire.py: use absolute path to maildirsize <https://github.com/chatmail/relay/pull/807>
 * pin Dovecot documentation URLs to version 2.3 <https://github.com/chatmail/relay/pull/800>
 * try to use "build machine" and "deployment server"  consistently  <https://github.com/chatmail/relay/pull/797>
 * adds instructions for migrating control machines <https://github.com/chatmail/relay/pull/795>
 * use consistent naming schema in getting started <https://github.com/chatmail/relay/pull/793>
 * remove jsok/serialize-workflow-action dependency <https://github.com/chatmail/relay/pull/790>
 * streamline migration guide wording, provide titled steps  <https://github.com/chatmail/relay/pull/789>
 * increases default max mailbox size <https://github.com/chatmail/relay/pull/792>
 * use daemon_name for OpenDKIM sign-verify decision instead of IP <https://github.com/chatmail/relay/pull/784>
 ## 1.9.0 2025-12-18
 ### Documentation
 - Add RELEASE.md and CONTRIBUTING.md
 - README update, mention Chatmail Cookbook project
 ### Bug Fixes
 - Expire messages also from IMAP subfolders
 - Use absolute path instead of relative path in message expiration script
 - Restart Postfix and Dovecot automatically on failure
 - acmetool: Use a fixed name and `reconcile` instead of `want`
 ### Features
 - Report DKIM error code in SMTP response
 - Remove development notice from the web pages
 ### Miscellaneous Tasks
 - Update the heading in the CHANGELOG.md
 - Setup git-cliff
 - Run tests against ci-chatmail.testrun.org instead of nine.testrun.org
 - Cleanup remaining echobot code, remove echobot user from deployment and passthrough recipients
 ## 1.8.0 2025-12-12
 - Add imap_compress option to chatmail.ini
  ([#760](https://github.com/chatmail/relay/pull/760))
 - Remove echobot from relays 
  ([#753](https://github.com/chatmail/relay/pull/753))
 - Fix `cmdeploy webdev`
  ([#743](https://github.com/chatmail/relay/pull/743))
 - Add robots.txt to exclude all web crawlers
  ([#732](https://github.com/chatmail/relay/pull/732))
 - acmetool: accept new Let's Encrypt ToS: https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf
  ([#729](https://github.com/chatmail/relay/pull/729))
 - Organized cmdeploy into install, configure, and activate stages
  ([#695](https://github.com/chatmail/relay/pull/695))
 - docs: move readme.md docs to sphinx documentation rendered at https://chatmail.at/doc/relay 
  ([#711](https://github.com/chatmail/relay/pull/711))
 - acmetool: replace cronjob with a systemd timer
  ([#719](https://github.com/chatmail/relay/pull/719))
 - remove xstore@testrun.org from default passthrough recipients
  ([#722](https://github.com/chatmail/relay/pull/722))
 - don't deploy the website if there are merge conflicts in the www folder
  ([#714](https://github.com/chatmail/relay/pull/714))
 - acmetool: use ECDSA keys instead of RSA
  ([#689](https://github.com/chatmail/relay/pull/689))
 - Require TLS 1.2 for outgoing SMTP connections
  ([#685](https://github.com/chatmail/relay/pull/685), [#730](https://github.com/chatmail/relay/pull/730))
 - require STARTTLS for incoming port 25 connections
  ([#684](https://github.com/chatmail/relay/pull/684), [#730](https://github.com/chatmail/relay/pull/730))
 - filtermail: run CPU-intensive handle_DATA in a thread pool executor
  ([#676](https://github.com/chatmail/relay/pull/676))
 - don't use the complicated logging module in filtermail to exclude a potential source of errors. 
  ([#674](https://github.com/chatmail/relay/pull/674))
 - Specify nginx.conf to only handle `mail_domain`, www, and mta-sts domains
  ([#636](https://github.com/chatmail/relay/pull/636))
 - Setup TURN server
  ([#621](https://github.com/chatmail/relay/pull/621))
 - cmdeploy: make --ssh-host work with localhost
  ([#659](https://github.com/chatmail/relay/pull/659))
 - Update iroh-relay to 0.35.0
  ([#650](https://github.com/chatmail/relay/pull/650))
 - filtermail: accept mails from Protonmail
  ([#616](https://github.com/chatmail/relay/pull/616))
 - Ignore all RCPT TO: parameters
  ([#651](https://github.com/chatmail/relay/pull/651))
 - Increase opendkim DNS Timeout from 5 to 60 seconds
  ([#672](https://github.com/chatmail/relay/pull/672))
 - Add config parameter for Let's Encrypt ACME email
  ([#663](https://github.com/chatmail/relay/pull/663))
 - Use max username length in newemail.py, not min
  ([#648](https://github.com/chatmail/relay/pull/648))
 - Add startup for `fcgiwrap.service` because sometimes it did not start automatically.
  ([#657](https://github.com/chatmail/relay/pull/657))
 - Add `cmdeploy init --force` command for recreating chatmail.ini
  ([#656](https://github.com/chatmail/relay/pull/656))
 - Increase maxproc for reinjecting ports from 10 to 100
  ([#646](https://github.com/chatmail/relay/pull/646))
 - Allow ports 143 and 993 to be used by `dovecot` process
  ([#639](https://github.com/chatmail/relay/pull/639))
 - Add `--skip-dns-check` argument to `cmdeploy run` command, which disables DNS record checking before installation.
  ([#661](https://github.com/chatmail/relay/pull/661))
 - Rework expiry of message files and mailboxes in Python 
  to only do a single iteration over sometimes millions of messages
  instead of doing "find" commands that iterate 9 times over the messages. 
  Provide an "fsreport" CLI for more fine grained analysis of message files. 
  ([#637](https://github.com/chatmail/relay/pull/637))
 ## 1.7.0 2025-09-11
 - Make www upload path configurable
  ([#618](https://github.com/chatmail/relay/pull/618))
 - Check whether GCC is installed in initenv.sh
  ([#608](https://github.com/chatmail/relay/pull/608))
 - Expire push notification tokens after 90 days
  ([#583](https://github.com/chatmail/relay/pull/583))
 - Use official `mtail` binary instead of `mtail` package
  ([#581](https://github.com/chatmail/relay/pull/581))
 - dovecot: install from download.delta.chat instead of openSUSE Build Service
  ([#590](https://github.com/chatmail/relay/pull/590))
 - Reconfigure Dovecot imap-login service to high-performance mode
  ([#578](https://github.com/chatmail/relay/pull/578))
 - Set timezone to improve dovecot performance
  ([#584](https://github.com/chatmail/relay/pull/584))
 - Increase nginx connection limits
  ([#576](https://github.com/chatmail/relay/pull/576))
 - If `dns-utils` needs to be installed before cmdeploy run, apt update to make sure it works
  ([#560](https://github.com/chatmail/relay/pull/560))
 - filtermail: respect config message size limit
  ([#572](https://github.com/chatmail/relay/pull/572))
 - Don't deploy if one of the ports used for chatmail relay services is occupied by an unexpected process
  ([#568](https://github.com/chatmail/relay/pull/568))
 - Add config value after how many days large files are deleted
  ([#555](https://github.com/chatmail/relay/pull/555))
 - cmdeploy: push relay version to /etc/chatmail-version
  ([#573](https://github.com/chatmail/relay/pull/573))
 - filtermail: allow partial body length in OpenPGP payloads
  ([#570](https://github.com/chatmail/relay/pull/570))
 - chatmaild: allow echobot to receive unencrypted messages by default
  ([#556](https://github.com/chatmail/relay/pull/556))
 ## 1.6.0 2025-04-11
 - Handle Port-25 connect errors more gracefully (common with VPNs)
  ([#552](https://github.com/chatmail/relay/pull/552))
 - Avoid "acmetool not found" during initial run
  ([#550](https://github.com/chatmail/relay/pull/550))
 - Fix timezone handling such that client/servers do not need to use
  same timezone. 
  ([#553](https://github.com/chatmail/relay/pull/553))
 - Enforce end-to-end encryption for incoming messages. 
  New user address mailboxes now get a `enforceE2EEincoming` file 
  which prohibits incoming cleartext messages from other domains. 
  An outside MTA trying to submit a cleartext message will 
  get a "523 Encryption Needed" response, see RFC5248. 
  If the file does not exist (as it the case for all existing accounts) 
  incoming cleartext messages are accepted. 
  ([#538](https://github.com/chatmail/server/pull/538))
 - Enforce end-to-end encryption between local addresses 
  ([#535](https://github.com/chatmail/server/pull/535))
 - unbound: check that port 53 is not occupied by a different process
  ([#537](https://github.com/chatmail/server/pull/537))
 - unbound: before unbound is there, use 9.9.9.9 for resolving
  ([#518](https://github.com/chatmail/relay/pull/518))
 - Limit the bind for the HTTPS server on 8443 to 127.0.0.1 
  ([#522](https://github.com/chatmail/server/pull/522))
  ([#532](https://github.com/chatmail/server/pull/532))
 - Send SNI when connecting to outside servers
  ([#524](https://github.com/chatmail/server/pull/524))
 - postfix master.cf: use 127.0.0.1 for consistency
  ([#544](https://github.com/chatmail/relay/pull/544))
 - Pass through `original_content` instead of `content` in filtermail
  ([#509](https://github.com/chatmail/server/pull/509))
 - Document TLS requirements in the readme
  ([#514](https://github.com/chatmail/server/pull/514))
 - Remove cleanup service from submission ports
  ([#512](https://github.com/chatmail/server/pull/512))
 - cmdeploy dovecot: delete big messages after 7 days
  ([#504](https://github.com/chatmail/server/pull/504))
 - mtail: fix getting logs from STDIN
  ([#502](https://github.com/chatmail/server/pull/502))
 - filtermail: don't require exactly 2 lines after openPGP payload
  ([#497](https://github.com/chatmail/server/pull/497))
 - cmdeploy dns: offer alternative DKIM record format for some web interfaces
  ([#470](https://github.com/chatmail/server/pull/470))
 - journald: remove old logs from disk
  ([#490](https://github.com/chatmail/server/pull/490))
 - opendkim: restart once every day to mend RAM leaks
  ([#498](https://github.com/chatmail/server/pull/498)
 - migration guide: let opendkim own the DKIM keys directory
  ([#468](https://github.com/chatmail/server/pull/468))
 - improve secure-join message detection
  ([#473](https://github.com/chatmail/server/pull/473))
 - use old crypt lib in python < 3.11
  ([#483](https://github.com/chatmail/server/pull/483))
 - chatmaild: set umask to 0700 for doveauth + metadata
  ([#490](https://github.com/chatmail/server/pull/492))
 - remove MTA-STS daemon
  ([#488](https://github.com/chatmail/server/pull/488))
 - replace `Subject` with `[...]` for all outgoing mails.
  ([#481](https://github.com/chatmail/server/pull/481))
 - opendkim: use su instead of sudo
  ([#491](https://github.com/chatmail/server/pull/491))
 ## 1.5.0 2024-12-20
 - cmdeploy dns: always show recommended DNS records
  ([#463](https://github.com/chatmail/server/pull/463))
 - add `--all` to `cmdeploy dns`
  ([#462](https://github.com/chatmail/server/pull/462))
 - fix `_mta-sts` TXT DNS record
  ([#461](https://github.com/chatmail/server/pull/461)
 - deploy `iroh-relay` and also update "realtime relay services" in privacy policy. 
  ([#434](https://github.com/chatmail/server/pull/434))
  ([#451](https://github.com/chatmail/server/pull/451))
 - add guide to migrate chatmail to a new server
  ([#429](https://github.com/chatmail/server/pull/429))
 - disable anvil authentication penalty
  ([#414](https://github.com/chatmail/server/pull/444)
 - increase `request_queue_size` for UNIX sockets to 1000.
  ([#437](https://github.com/chatmail/server/pull/437))
 - add argument to `cmdeploy run` for specifying
  a different SSH host than `mail_domain`
  ([#439](https://github.com/chatmail/server/pull/439))
 - query autoritative nameserver to bypass DNS cache
  ([#424](https://github.com/chatmail/server/pull/424))
 - add mtail support (new optional `mtail_address` ini value)
  This defines the address on which [`mtail`](https://google.github.io/mtail/)
  exposes its metrics collected from the logs.
  If you want to collect the metrics with Prometheus,
  setup a private network (e.g. WireGuard interface)
  and assign an IP address from this network to the host.
  If you do not plan to collect metrics,
  keep this setting unset.
  ([#388](https://github.com/chatmail/server/pull/388))
 - fix checking for required DNS records
  ([#412](https://github.com/chatmail/server/pull/412))
 - add support for specifying whole domains for recipient passthrough list
  ([#408](https://github.com/chatmail/server/pull/408))
 - add a paragraph about "account deletion" to info page 
  ([#405](https://github.com/chatmail/server/pull/405))
 - avoid nginx listening on ipv6 if v6 is dsiabled 
  ([#402](https://github.com/chatmail/server/pull/402))
 - refactor ssh-based execution to allow organizing remote functions in
  modules. 
  ([#396](https://github.com/chatmail/server/pull/396))
 - trigger "apt upgrade" during "cmdeploy run" 
  ([#398](https://github.com/chatmail/server/pull/398))
 - drop hispanilandia passthrough address
  ([#401](https://github.com/chatmail/server/pull/401))
 - set CAA record flags to 0
 - add IMAP capabilities instead of overwriting them
  ([#413](https://github.com/chatmail/server/pull/413))
 - fix OpenPGP payload check
  ([#435](https://github.com/chatmail/server/pull/435))
 - fix Dovecot quota_max_mail_size to use max_message_size config value
  ([#438](https://github.com/chatmail/server/pull/438))
 ## 1.4.1 2024-07-31
 - fix metadata dictproxy which would confuse transactions
  resulting in missed notifications and other issues. 
  ([#393](https://github.com/chatmail/server/pull/393))
  ([#394](https://github.com/chatmail/server/pull/394))
 - add optional "imap_rawlog" config option. If true, 
  .in/.out files are created in user home dirs 
  containing the imap protocol messages. 
  ([#389](https://github.com/chatmail/server/pull/389))
 ## 1.4.0 2024-07-28
 - Add `disable_ipv6` config option to chatmail.ini.
  Required if the server doesn't have IPv6 connectivity.
  ([#312](https://github.com/chatmail/server/pull/312))
 - allow current K9/Thunderbird-mail releases to send encrypted messages
  outside by accepting their localized "encrypted subject" strings. 
  ([#370](https://github.com/chatmail/server/pull/370))
 - Migrate and remove sqlite database in favor of password/lastlogin tracking 
  in a user's maildir.  
  ([#379](https://github.com/chatmail/server/pull/379))
 - Require pyinfra V3 installed on the client side,
  run `./scripts/initenv.sh` to upgrade locally.
  ([#378](https://github.com/chatmail/server/pull/378))
 - don't hardcode "/home/vmail" paths but rather set them 
  once in the config object and use it everywhere else, 
  thereby also improving testability.  
  ([#351](https://github.com/chatmail/server/pull/351))
  temporarily introduced obligatory "passdb_path" and "mailboxes_dir" 
  settings but they were removed/obsoleted in 
  ([#380](https://github.com/chatmail/server/pull/380))
 - BREAKING: new required chatmail.ini value 'delete_inactive_users_after = 100'
  which removes users from database and mails after 100 days without any login. 
  ([#350](https://github.com/chatmail/server/pull/350))
 - Refine DNS checking to distinguish between "required" and "recommended" settings 
  ([#372](https://github.com/chatmail/server/pull/372))
 - reload nginx in the acmetool cronjob
  ([#360](https://github.com/chatmail/server/pull/360))
 - remove checking of reverse-DNS PTR records.  Chatmail-servers don't
  depend on it and even in the wider e-mail system it's not common anymore. 
  If it's an issue, a chatmail operator can still care to properly set reverse DNS. 
  ([#348](https://github.com/chatmail/server/pull/348))
 - Make DNS-checking faster and more interactive, run it fully during "cmdeploy run",
  also introducing a generic mechanism for rapid remote ssh-based python function execution. 
  ([#346](https://github.com/chatmail/server/pull/346))
 - Don't fix file owner ship of /home/vmail 
  ([#345](https://github.com/chatmail/server/pull/345))
 - Support iterating over all users with doveadm commands 
  ([#344](https://github.com/chatmail/server/pull/344))
 - Test and fix for attempts to create inadmissible accounts 
  ([#333](https://github.com/chatmail/server/pull/321))
 - check that OpenPGP has only PKESK, SKESK and SEIPD packets
  ([#323](https://github.com/chatmail/server/pull/323),
   [#324](https://github.com/chatmail/server/pull/324))
 - improve filtermail checks for encrypted messages and drop support for unencrypted MDNs
  ([#320](https://github.com/chatmail/server/pull/320))
 - replace `bash` with `/bin/sh`
  ([#334](https://github.com/chatmail/server/pull/334))
 - Increase number of logged in IMAP sessions to 50000
  ([#335](https://github.com/chatmail/server/pull/335))
 - filtermail: do not allow ASCII armor without actual payload
  ([#325](https://github.com/chatmail/server/pull/325))
 - Remove sieve to enable hardlink deduplication in LMTP
  ([#343](https://github.com/chatmail/server/pull/343))
 - dovecot: enable gzip compression on disk
  ([#341](https://github.com/chatmail/server/pull/341))
 - DKIM-sign Content-Type and oversign all signed headers
  ([#296](https://github.com/chatmail/server/pull/296))
 - Add nonci_accounts metric
  ([#347](https://github.com/chatmail/server/pull/347))
 - doveauth: log when a new account is created
  ([#349](https://github.com/chatmail/server/pull/349))
 - Multiplex HTTPS, IMAP and SMTP on port 443
  ([#357](https://github.com/chatmail/server/pull/357))
 ## 1.3.0 - 2024-06-06
 - don't check necessary DNS records on cmdeploy init anymore
  ([#316](https://github.com/chatmail/server/pull/316))
 - ensure cron and acl are installed
  ([#293](https://github.com/chatmail/server/pull/293),
  [#310](https://github.com/chatmail/server/pull/310))
 - change default for delete_mails_after from 40 to 20 days
  ([#300](https://github.com/chatmail/server/pull/300))
 - save journald logs only to memory and save nginx logs to journald instead of file
  ([#299](https://github.com/chatmail/server/pull/299))
 - fix writing of multiple obs repositories in `/etc/apt/sources.list`
  ([#290](https://github.com/chatmail/server/pull/290))
 - metadata: add support for `/shared/vendor/deltachat/irohrelay`
  ([#284](https://github.com/chatmail/server/pull/284))
 - Emit "XCHATMAIL" capability from IMAP server 
  ([#278](https://github.com/chatmail/server/pull/278))
 - Move echobot `into /var/lib/echobot`
  ([#281](https://github.com/chatmail/server/pull/281))
 - Accept Let's Encrypt's new Terms of Services
  ([#275](https://github.com/chatmail/server/pull/276))
 - Reload Dovecot and Postfix when TLS certificate updates
  ([#271](https://github.com/chatmail/server/pull/271))
 - Use forked version of dovecot without hardcoded delays
  ([#270](https://github.com/chatmail/server/pull/270))
 ## 1.2.0 - 2024-04-04
 - Install dig on the server to resolve DNS records
  ([#267](https://github.com/chatmail/server/pull/267))
 - preserve notification order and exponentially backoff with 
  retries for tokens where we didn't get a successful return
  ([#265](https://github.com/chatmail/server/pull/263))
 - Run chatmail-metadata and doveauth as vmail
  ([#261](https://github.com/chatmail/server/pull/261))
 - Apply systemd restrictions to echobot
  ([#259](https://github.com/chatmail/server/pull/259))
 - re-enable running the CI in pull requests, but not concurrently 
  ([#258](https://github.com/chatmail/server/pull/258))
 ## 1.1.0 - 2024-03-28
 ### The changelog starts to record changes from March 15th, 2024 
 - Move systemd unit templates to cmdeploy package 
  ([#255](https://github.com/chatmail/server/pull/255))
 - Persist push tokens and support multiple device per address 
  ([#254](https://github.com/chatmail/server/pull/254))
 - Avoid warning for regular doveauth protocol's hello message. 
  ([#250](https://github.com/chatmail/server/pull/250))
 - Fix various tests to pass again with "cmdeploy test". 
  ([#245](https://github.com/chatmail/server/pull/245),
  [#242](https://github.com/chatmail/server/pull/242)
 - Ensure lets-encrypt certificates are reloaded after renewal 
  ([#244]) https://github.com/chatmail/server/pull/244
 - Persist tokens to avoid iOS users loosing push-notifications when the
  chatmail metadata service is restarted (happens regularly during deploys)
  ([#238](https://github.com/chatmail/server/pull/239)
 - Fix failing sieve-script compile errors on incoming messages
  ([#237](https://github.com/chatmail/server/pull/239)
 - Fix quota reporting after expunging of old mails
  ([#233](https://github.com/chatmail/server/pull/239)
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,7 +0,0 @@
 # Contributing to the chatmail relay
 Commit messages follow the [Conventional Commits] notation.
 We use [git-cliff] to generate the changelog from commit messages before the release.
 [Conventional Commits]: https://www.conventionalcommits.org/
 [git-cliff]: https://git-cliff.org/
--- a/README.md
+++ b/README.md
@@ -1,20 +1,162 @@
-# Chatmail relays for end-to-end encrypted email
+<img width="800px" src="www/src/collage-top.png"/>
-Chatmail relay servers are interoperable Mail Transport Agents (MTAs) designed for: 
+# Chatmail services optimized for Delta Chat apps 
-  **Zero State:** no private data or metadata collected, messages are auto-deleted, low disk usage
+This repository helps to setup a ready-to-use chatmail server
 comprised of a minimal setup of the battle-tested 
 [postfix smtp](https://www.postfix.org) and [dovecot imap](https://www.dovecot.org) services. 
-  **Instant/Realtime:** sub-second message delivery, realtime P2P
+The setup is designed and optimized for providing chatmail accounts 
-   streaming, privacy-preserving Push Notifications for Apple, Google, and Huawei;
+for use by [Delta Chat apps](https://delta.chat).
-  **Security Enforcement**: only strict TLS, DKIM and OpenPGP with minimized metadata accepted
+Chatmail accounts are automatically created by a first login, 
 after which the initially specified password is required for using them. 
-  **Reliable Federation and Decentralization:** No spam or IP reputation checks, federating
+## Deploying your own chatmail server 
   depends on established IETF standards and protocols.
-This repository contains everything needed to setup a ready-to-use chatmail relay on an ssh-reachable host. 
+We use `chat.example.org` as the chatmail domain in the following steps. 
-For getting started and more information please refer to the web version of this repositories' documentation at
+Please substitute it with your own domain. 
 1. Install the `cmdeploy` command in a virtualenv
   ```
    git clone https://github.com/deltachat/chatmail
    cd chatmail
    scripts/initenv.sh
   ```
 2. Create chatmail configuration file `chatmail.ini`:
   ```
    scripts/cmdeploy init chat.example.org  # <-- use your domain 
   ```
 3. Setup first DNS records for your chatmail domain, 
   according to the hints provided by `cmdeploy init`.
   Verify that SSH root login works:
   ```
    ssh root@chat.example.org   # <-- use your domain 
   ```
 4. Deploy to the remote chatmail server:
   ```
    scripts/cmdeploy run
   ```
   This script will also show you additional DNS records
   which you should configure at your DNS provider
   (it can take some time until they are public).
 ### Other helpful commands:
 To check the status of your remotely running chatmail service:
 ```
 scripts/cmdeploy status
 ```
 To check whether your DNS records are correct:
 ```
 scripts/cmdeploy dns
 ```
 To test whether your chatmail service is working correctly:
 ```
 scripts/cmdeploy test
 ```
 To measure the performance of your chatmail service:
 ```
 scripts/cmdeploy bench
 ```
 ## Overview of this repository
 This repository drives the development of chatmail services, 
 comprised of minimal setups of
 - [postfix smtp server](https://www.postfix.org)
 - [dovecot imap server](https://www.dovecot.org)
 as well as custom services that are integrated with these two:
 - `chatmaild/src/chatmaild/doveauth.py` implements
  create-on-login account creation semantics and is used
  by Dovecot during login authentication and by Postfix
  which in turn uses [Dovecot SASL](https://doc.dovecot.org/configuration_manual/authentication/dict/#complete-example-for-authenticating-via-a-unix-socket)
  to authenticate users
  to send mails for them.
 - `chatmaild/src/chatmaild/filtermail.py` prevents
  unencrypted e-mail from leaving the chatmail service
  and is integrated into postfix's outbound mail pipelines.
 There is also the `cmdeploy/src/cmdeploy/cmdeploy.py` command line tool
 which helps with setting up and managing the chatmail service.
 `cmdeploy run` uses [pyinfra-based scripting](https://pyinfra.com/)
 in `cmdeploy/src/cmdeploy/__init__.py`
 to automatically install all chatmail components on a server.
 ### Home page and getting started for users
 `cmdeploy run` also creates default static Web pages and deploys them
 to a nginx web server with: 
 - a default `index.html` along with a QR code that users can click to
  create accounts on your chatmail provider,
 - a default `info.html` that is linked from the home page,
 - a default `policy.html` that is linked from the home page.
 All `.html` files are generated
 by the according markdown `.md` file in the `www/src` directory.
 ### Refining the web pages
 ```
 scripts/cmdeploy webdev
 ```
 This starts a local live development cycle for chatmail Web pages:
 - uses the `www/src/page-layout.html` file for producing static
  HTML pages from `www/src/*.md` files
 - continously builds the web presence reading files from `www/src` directory
  and generating html files and copying assets to the `www/build` directory.
 - Starts a browser window automatically where you can "refresh" as needed.
 ## Emergency Commands to disable automatic account creation
 If you need to stop account creation,
 e.g. because some script is wildly creating accounts,
 login to the server with ssh and run:
 ```
    touch /etc/chatmail-nocreate
 ```
 While this file is present, account creation will be blocked.
 ### Ports
 [Postfix](http://www.postfix.org/) listens on ports 25 (smtp) and 587 (submission) and 465 (submissions).
 [Dovecot](https://www.dovecot.org/) listens on ports 143 (imap) and 993 (imaps).
 [nginx](https://www.nginx.com/) listens on port 443 (https).
 [acmetool](https://hlandau.github.io/acmetool/) listens on port 80 (http).
 Delta Chat apps will, however, discover all ports and configurations
 automatically by reading the [autoconfig XML file](https://www.ietf.org/archive/id/draft-bucksch-autoconfig-00.html) from the chatmail service.
 [https://chatmail.at/doc/relay](https://chatmail.at/doc/relay)
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -1,15 +0,0 @@
 # Releasing a new version of chatmail relay
 For example, to release version 1.9.0 of chatmail relay, do the following steps.
 1. Update the changelog: `git cliff --unreleased --tag 1.9.0 --prepend CHANGELOG.md` or `git cliff -u -t 1.9.0 -p CHANGELOG.md`.
 2. Open the changelog in the editor, edit it if required.
 3. Commit the changes to the changelog with a commit message `chore(release): prepare for 1.9.0`.
 3. Tag the release: `git tag --annotate 1.9.0`.
 4. Push the release tag: `git push origin 1.9.0`.
 5. Create a GitHub release: `gh release create 1.9.0`.
--- a/chatmaild/MANIFEST.in
+++ b/chatmaild/MANIFEST.in
@@ -1,3 +1,4 @@
 include src/chatmaild/*.f 
 include src/chatmaild/ini/*.ini.f
 include src/chatmaild/ini/*.ini
 include src/chatmaild/tests/mail-data/*
--- a/chatmaild/pyproject.toml
+++ b/chatmaild/pyproject.toml
@@ -4,12 +4,12 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "chatmaild"
-version = "0.3"
+version = "0.2"
 dependencies = [
  "aiosmtpd",
  "iniconfig",
-  "filelock",
+  "deltachat-rpc-server",
-  "requests",
+  "deltachat-rpc-client",
  "crypt-r >= 3.13.1 ; python_version >= '3.11'",
 ]
 [tool.setuptools]
@@ -20,12 +20,9 @@ where = ['src']
 [project.scripts]
 doveauth = "chatmaild.doveauth:main"
-chatmail-metadata = "chatmaild.metadata:main"
+filtermail = "chatmaild.filtermail:main"
-chatmail-expire = "chatmaild.expire:daily_expire_main"
+echobot = "chatmaild.echo:main"
-chatmail-quota-expire = "chatmaild.expire:quota_expire_main"
+chatmail-metrics = "chatmaild.metrics:main"
 chatmail-fsreport = "chatmaild.fsreport:main"
 lastlogin = "chatmaild.lastlogin:main"
 turnserver = "chatmaild.turnserver:main"
 [project.entry-points.pytest11]
 "chatmaild.testplugin" = "chatmaild.tests.plugin"
@@ -36,19 +33,6 @@ log_format = "%(asctime)s %(levelname)s %(message)s"
 log_date_format = "%Y-%m-%d %H:%M:%S"
 log_level = "INFO"
 [tool.ruff]
 lint.select = [
  "F", # Pyflakes
  "I", # isort
  "PLC", # Pylint Convention
  "PLE", # Pylint Error
  "PLW", # Pylint Warning
 ]
 lint.ignore = [
  "PLC0415" # import-outside-top-level
 ]
 [tool.tox]
 legacy_tox_ini = """
 [tox]
@@ -60,15 +44,13 @@ skipdist = True
 skip_install = True
 deps =
  ruff
  black
 commands =
-  ruff format --quiet --diff src/
+  black --quiet --check --diff src/
-  ruff check src/
+  ruff src/
 [testenv]
 deps = pytest 
       pdbpp 
       pytest-localserver
       aiosmtpd
       execnet
 commands = pytest -v -rsXx {posargs}
 """
--- a/chatmaild/src/chatmaild/init.py
+++ b/chatmaild/src/chatmaild/init.py
@@ -1 +0,0 @@
--- a/chatmaild/src/chatmaild/config.py
+++ b/chatmaild/src/chatmaild/config.py
@@ -1,167 +1,48 @@
 from pathlib import Path
 import iniconfig
 from chatmaild.user import User
 def read_config(inipath):
    assert Path(inipath).exists(), inipath
    cfg = iniconfig.IniConfig(inipath)
-    params = cfg.sections["params"]
+    return Config(inipath, params=cfg.sections["params"])
    default_config_content = get_default_config_content(params["mail_domain"])
    df_params = iniconfig.IniConfig("ini", data=default_config_content)["params"]
    new_params = dict(df_params.items())
    new_params.update(params)
    return Config(inipath, params=new_params)
 class Config:
    def __init__(self, inipath, params):
        self._inipath = inipath
        self.mail_domain = params["mail_domain"]
-        self.max_user_send_per_minute = int(params.get("max_user_send_per_minute", 60))
+        self.max_user_send_per_minute = int(params["max_user_send_per_minute"])
        self.max_user_send_burst_size = int(params.get("max_user_send_burst_size", 10))
        self.max_mailbox_size = params["max_mailbox_size"]
        self.max_message_size = int(params.get("max_message_size", "31457280"))
        self.delete_mails_after = params["delete_mails_after"]
        self.delete_large_after = params["delete_large_after"]
        self.delete_inactive_users_after = int(params["delete_inactive_users_after"])
        self.username_min_length = int(params["username_min_length"])
        self.username_max_length = int(params["username_max_length"])
        self.password_min_length = int(params["password_min_length"])
        self.passthrough_senders = params["passthrough_senders"].split()
        self.passthrough_recipients = params["passthrough_recipients"].split()
-        self.www_folder = params.get("www_folder", "")
+        self.filtermail_smtp_port = int(params["filtermail_smtp_port"])
-        self.filtermail_smtp_port = int(params.get("filtermail_smtp_port", "10080"))
+        self.postfix_reinject_port = int(params["postfix_reinject_port"])
        self.filtermail_smtp_port_incoming = int(
            params.get("filtermail_smtp_port_incoming", "10081")
        )
        self.filtermail_http_port_incoming = int(
            params.get("filtermail_http_port_incoming", "10082")
        )
        self.filtermail_lmtp_port_transport = int(
            params.get("filtermail_lmtp_port_transport", "10083")
        )
        self.postfix_reinject_port = int(params.get("postfix_reinject_port", "10025"))
        self.postfix_reinject_port_incoming = int(
            params.get("postfix_reinject_port_incoming", "10026")
        )
        self.mtail_address = params.get("mtail_address")
        self.disable_ipv6 = params.get("disable_ipv6", "false").lower() == "true"
        self.acme_email = params.get("acme_email", "")
        self.imap_rawlog = params.get("imap_rawlog", "false").lower() == "true"
        self.imap_compress = params.get("imap_compress", "false").lower() == "true"
        if "iroh_relay" not in params:
            self.iroh_relay = "https://" + params["mail_domain"]
            self.enable_iroh_relay = True
        else:
            self.iroh_relay = params["iroh_relay"].strip()
            self.enable_iroh_relay = False
        self.privacy_postal = params.get("privacy_postal")
        self.privacy_mail = params.get("privacy_mail")
        self.privacy_pdo = params.get("privacy_pdo")
        self.privacy_supervisor = params.get("privacy_supervisor")
        # TLS certificate management.
        # If tls_external_cert_and_key is set, use externally managed certs.
        # Otherwise derived from the domain name:
        # - Domains starting with "_" use self-signed certificates
        # - All other domains use ACME.
        external = params.get("tls_external_cert_and_key", "").strip()
        if external:
            parts = external.split()
            if len(parts) != 2:
                raise ValueError(
                    "tls_external_cert_and_key must have two space-separated"
                    " paths: CERT_PATH KEY_PATH"
                )
            self.tls_cert_mode = "external"
            self.tls_cert_path, self.tls_key_path = parts
        elif self.mail_domain.startswith("_"):
            self.tls_cert_mode = "self"
            self.tls_cert_path = "/etc/ssl/certs/mailserver.pem"
            self.tls_key_path = "/etc/ssl/private/mailserver.key"
        else:
            self.tls_cert_mode = "acme"
            self.tls_cert_path = f"/var/lib/acme/live/{self.mail_domain}/fullchain"
            self.tls_key_path = f"/var/lib/acme/live/{self.mail_domain}/privkey"
        # deprecated option
        mbdir = params.get("mailboxes_dir", f"/home/vmail/mail/{self.mail_domain}")
        self.mailboxes_dir = Path(mbdir.strip())
        # old unused option (except for first migration from sqlite to maildir store)
        self.passdb_path = Path(params.get("passdb_path", "/home/vmail/passdb.sqlite"))
    @property
    def max_mailbox_size_mb(self):
        """Return max_mailbox_size as an integer in megabytes."""
        return parse_size_mb(self.max_mailbox_size)
    def _getbytefile(self):
        return open(self._inipath, "rb")
    def get_user(self, addr) -> User:
        if not addr or "@" not in addr or "/" in addr:
            raise ValueError(f"invalid address {addr!r}")
-        maildir = self.mailboxes_dir.joinpath(addr)
+def write_initial_config(inipath, mail_domain):
        password_path = maildir.joinpath("password")
        return User(maildir, addr, password_path, uid="vmail", gid="vmail")
 def parse_size_mb(limit):
    """Parse a size string like ``500M`` or ``2G`` and return megabytes."""
    value = limit.strip().upper().removesuffix("B")
    if value.endswith("G"):
        return int(value[:-1]) * 1024
    if value.endswith("M"):
        return int(value[:-1])
    return int(value)
 def write_initial_config(inipath, mail_domain, overrides):
    """Write out default config file, using the specified config value overrides."""
    content = get_default_config_content(mail_domain, **overrides)
    inipath.write_text(content)
 def get_default_config_content(mail_domain, **overrides):
    from importlib.resources import files
    inidir = files(__package__).joinpath("ini")
-    source_inipath = inidir.joinpath("chatmail.ini.f")
+    content = (
-    content = source_inipath.read_text().format(mail_domain=mail_domain)
+        inidir.joinpath("chatmail.ini.f").read_text().format(mail_domain=mail_domain)
-
+    )
    # apply config overrides
    new_lines = []
    extra = overrides.copy()
    for line in content.split("\n"):
        new_line = line.strip()
        if new_line and new_line[0] not in "#[":
            name, value = map(str.strip, new_line.split("=", maxsplit=1))
            value = extra.pop(name, value)
            new_line = f"{name} = {value}"
        new_lines.append(new_line)
    for name, value in extra.items():
        new_line = f"{name} = {value}"
        new_lines.append(new_line)
    content = "\n".join(new_lines)
    # apply testrun privacy overrides
    if mail_domain.endswith(".testrun.org"):
        override_inipath = inidir.joinpath("override-testrun.ini")
        privacy = iniconfig.IniConfig(override_inipath)["privacy"]
        lines = []
        for line in content.split("\n"):
            for key, value in privacy.items():
-                value_lines = value.format(mail_domain=mail_domain).strip().split("\n")
+                value_lines = value.strip().split("\n")
                if not line.startswith(f"{key} =") or not value_lines:
                    continue
                if len(value_lines) == 1:
@@ -174,4 +55,5 @@ def get_default_config_content(mail_domain, **overrides):
            else:
                lines.append(line)
        content = "\n".join(lines)
-    return content
+
    inipath.write_text(content)
--- a/chatmaild/src/chatmaild/database.py
+++ b/chatmaild/src/chatmaild/database.py
@@ -0,0 +1,133 @@
 import sqlite3
 import contextlib
 import time
 from pathlib import Path
 class DBError(Exception):
    """error during an operation on the database."""
 class Connection:
    def __init__(self, sqlconn, write):
        self._sqlconn = sqlconn
        self._write = write
    def close(self):
        self._sqlconn.close()
    def commit(self):
        self._sqlconn.commit()
    def rollback(self):
        self._sqlconn.rollback()
    def execute(self, query, params=()):
        cur = self.cursor()
        try:
            cur.execute(query, params)
        except sqlite3.IntegrityError as e:
            raise DBError(e)
        return cur
    def cursor(self):
        return self._sqlconn.cursor()
    def get_user(self, addr: str) -> {}:
        """Get a row from the users table."""
        q = "SELECT addr, password, last_login from users WHERE addr = ?"
        row = self._sqlconn.execute(q, (addr,)).fetchone()
        result = {}
        if row:
            result = dict(
                user=row[0],
                password=row[1],
                last_login=row[2],
            )
        return result
 class Database:
    def __init__(self, path: str):
        self.path = Path(path)
        self.ensure_tables()
    def _get_connection(
        self, write=False, transaction=False, closing=False
    ) -> Connection:
        # we let the database serialize all writers at connection time
        # to play it very safe (we don't have massive amounts of writes).
        mode = "ro"
        if write:
            mode = "rw"
        if not self.path.exists():
            mode = "rwc"
        uri = "file:%s?mode=%s" % (self.path, mode)
        sqlconn = sqlite3.connect(
            uri,
            timeout=60,
            isolation_level=None if transaction else "DEFERRED",
            uri=True,
        )
        # Enable Write-Ahead Logging to avoid readers blocking writers and vice versa.
        if write:
            sqlconn.execute("PRAGMA journal_mode=wal")
        if transaction:
            start_time = time.time()
            while 1:
                try:
                    sqlconn.execute("begin immediate")
                    break
                except sqlite3.OperationalError:
                    # another thread may be writing, give it a chance to finish
                    time.sleep(0.1)
                    if time.time() - start_time > 5:
                        # if it takes this long, something is wrong
                        raise
        conn = Connection(sqlconn, write=write)
        if closing:
            conn = contextlib.closing(conn)
        return conn
    @contextlib.contextmanager
    def write_transaction(self):
        conn = self._get_connection(closing=False, write=True, transaction=True)
        try:
            yield conn
        except Exception:
            conn.rollback()
            conn.close()
            raise
        else:
            conn.commit()
            conn.close()
    def read_connection(self, closing=True) -> Connection:
        return self._get_connection(closing=closing, write=False)
    def get_schema_version(self) -> int:
        with self.read_connection() as conn:
            dbversion = conn.execute("PRAGMA user_version").fetchone()[0]
        return dbversion
    CURRENT_DBVERSION = 1
    def ensure_tables(self):
        with self.write_transaction() as conn:
            if self.get_schema_version() > 1:
                raise DBError(
                    "version is %s; downgrading schema is not supported"
                    % (self.get_schema_version(),)
                )
            conn.execute(
                """
                CREATE TABLE IF NOT EXISTS users (
                    addr TEXT PRIMARY KEY,
                    password TEXT,
                    last_login INTEGER
                )
            """,
            )
            conn.execute("PRAGMA user_version=%s" % (self.CURRENT_DBVERSION,))
--- a/chatmaild/src/chatmaild/dictproxy.py
+++ b/chatmaild/src/chatmaild/dictproxy.py
@@ -1,98 +0,0 @@
 import logging
 import os
 from socketserver import StreamRequestHandler, ThreadingUnixStreamServer
 class DictProxy:
    def loop_forever(self, rfile, wfile):
        # Transaction storage is local to each handler loop.
        # Dovecot reuses transaction IDs across connections,
        # starting transaction with the name `1`
        # on two different connections to the same proxy sometimes.
        transactions = {}
        while True:
            msg = rfile.readline().strip().decode()
            if not msg:
                break
            res = self.handle_dovecot_request(msg, transactions)
            if res:
                wfile.write(res.encode("ascii"))
                wfile.flush()
    def handle_dovecot_request(self, msg, transactions):
        # see https://doc.dovecot.org/2.3/developer_manual/design/dict_protocol/#dovecot-dict-protocol
        short_command = msg[0]
        parts = msg[1:].split("\t")
        if short_command == "L":
            return self.handle_lookup(parts)
        elif short_command == "I":
            return self.handle_iterate(parts)
        elif short_command == "H":
            return  # no version checking
        if short_command not in ("BSC"):
            logging.warning(f"unknown dictproxy request: {msg!r}")
            return
        transaction_id = parts[0]
        if short_command == "B":
            return self.handle_begin_transaction(transaction_id, parts, transactions)
        elif short_command == "C":
            return self.handle_commit_transaction(transaction_id, parts, transactions)
        elif short_command == "S":
            addr = transactions[transaction_id]["addr"]
            if not self.handle_set(addr, parts):
                transactions[transaction_id]["res"] = "F\n"
                logging.error(f"dictproxy-set failed for {addr!r}: {msg!r}")
    def handle_lookup(self, parts):
        logging.warning(f"lookup ignored: {parts!r}")
        return "N\n"
    def handle_iterate(self, parts):
        # Empty line means ITER_FINISHED.
        # If we don't return empty line Dovecot will timeout.
        return "\n"
    def handle_begin_transaction(self, transaction_id, parts, transactions):
        addr = parts[1]
        transactions[transaction_id] = dict(addr=addr, res="O\n")
    def handle_set(self, addr, parts):
        # For documentation on key structure see
        # https://github.com/dovecot/core/blob/main/src/lib-storage/mailbox-attribute.h
        return False
    def handle_commit_transaction(self, transaction_id, parts, transactions):
        # return whatever "set" command(s) set as result.
        return transactions.pop(transaction_id)["res"]
    def serve_forever_from_socket(self, socket):
        dictproxy = self
        class Handler(StreamRequestHandler):
            def handle(self):
                try:
                    dictproxy.loop_forever(self.rfile, self.wfile)
                except Exception:
                    logging.exception("Exception in the handler")
                    raise
        try:
            os.unlink(socket)
        except FileNotFoundError:
            pass
        with CustomThreadingUnixStreamServer(socket, Handler) as server:
            try:
                server.serve_forever()
            except KeyboardInterrupt:
                pass
 class CustomThreadingUnixStreamServer(ThreadingUnixStreamServer):
    request_queue_size = 1000
--- a/chatmaild/src/chatmaild/doveauth.py
+++ b/chatmaild/src/chatmaild/doveauth.py
@@ -1,27 +1,25 @@
 import json
 import logging
 import os
-import re
+import time
 import sys
 import json
 import crypt
 from socketserver import (
    UnixStreamServer,
    StreamRequestHandler,
    ThreadingMixIn,
 )
 import pwd
-import filelock
+from .database import Database
-
+from .config import read_config, Config
 try:
    import crypt_r
 except ImportError:
    import crypt as crypt_r
 from .config import Config, read_config
 from .dictproxy import DictProxy
 from .migrate_db import migrate_from_db_to_maildir
 NOCREATE_FILE = "/etc/chatmail-nocreate"
 VALID_LOCALPART_RE = re.compile(r"^[a-z0-9._-]+$")
 def encrypt_password(password: str):
-    # https://doc.dovecot.org/2.3/configuration_manual/authentication/password_schemes/
+    # https://doc.dovecot.org/configuration_manual/authentication/password_schemes/
-    passhash = crypt_r.crypt(password, crypt_r.METHOD_SHA512)
+    passhash = crypt.crypt(password, crypt.METHOD_SHA512)
    return "{SHA512-CRYPT}" + passhash
@@ -48,21 +46,58 @@ def is_allowed_to_create(config: Config, user, cleartext_password) -> bool:
        len(localpart) > config.username_max_length
        or len(localpart) < config.username_min_length
    ):
-        logging.warning(
+        if localpart != "echo":
-            "localpart %s has to be between %s and %s chars long",
+            logging.warning(
-            localpart,
+                "localpart %s has to be between %s and %s chars long",
-            config.username_min_length,
+                localpart,
-            config.username_max_length,
+                config.username_min_length,
-        )
+                config.username_max_length,
-        return False
+            )
-
+            return False
    if not VALID_LOCALPART_RE.match(localpart):
        logging.warning("localpart %r contains invalid characters", localpart)
        return False
    return True
 def get_user_data(db, user):
    with db.read_connection() as conn:
        result = conn.get_user(user)
    if result:
        result["uid"] = "vmail"
        result["gid"] = "vmail"
    return result
 def lookup_userdb(db, user):
    return get_user_data(db, user)
 def lookup_passdb(db, config: Config, user, cleartext_password):
    with db.write_transaction() as conn:
        userdata = conn.get_user(user)
        if userdata:
            # Update last login time.
            conn.execute(
                "UPDATE users SET last_login=? WHERE addr=?", (int(time.time()), user)
            )
            userdata["uid"] = "vmail"
            userdata["gid"] = "vmail"
            return userdata
        if not is_allowed_to_create(config, user, cleartext_password):
            return
        encrypted_password = encrypt_password(cleartext_password)
        q = """INSERT INTO users (addr, password, last_login)
               VALUES (?, ?, ?)"""
        conn.execute(q, (user, encrypted_password, int(time.time())))
        return dict(
            home=f"/home/vmail/mail/{config.mail_domain}/{user}",
            uid="vmail",
            gid="vmail",
            password=encrypted_password,
        )
 def split_and_unescape(s):
    """Split strings using double quote as a separator and backslash as escape character
    into parts."""
@@ -89,12 +124,11 @@ def split_and_unescape(s):
    yield out
-class AuthDictProxy(DictProxy):
+def handle_dovecot_request(msg, db, config: Config):
-    def __init__(self, config):
+    short_command = msg[0]
-        super().__init__()
+    if short_command == "L":  # LOOKUP
-        self.config = config
+        parts = msg[1:].split("\t")
    def handle_lookup(self, parts):
        # Dovecot <2.3.17 has only one part,
        # do not attempt to read any other parts for compatibility.
        keyname = parts[0]
@@ -102,14 +136,13 @@ class AuthDictProxy(DictProxy):
        namespace, type, args = keyname.split("/", 2)
        args = list(split_and_unescape(args))
        config = self.config
        reply_command = "F"
        res = ""
        if namespace == "shared":
            if type == "userdb":
                user = args[0]
                if user.endswith(f"@{config.mail_domain}"):
-                    res = self.lookup_userdb(user)
+                    res = lookup_userdb(db, user)
                if res:
                    reply_command = "O"
                else:
@@ -117,53 +150,55 @@ class AuthDictProxy(DictProxy):
            elif type == "passdb":
                user = args[1]
                if user.endswith(f"@{config.mail_domain}"):
-                    res = self.lookup_passdb(user, cleartext_password=args[0])
+                    res = lookup_passdb(db, config, user, cleartext_password=args[0])
                if res:
                    reply_command = "O"
                else:
                    reply_command = "N"
        json_res = json.dumps(res) if res else ""
        return f"{reply_command}{json_res}\n"
    return None
    def handle_iterate(self, parts):
        # example: I0\t0\tshared/userdb/
        if parts[2] == "shared/userdb/":
            result = "".join(
                f"Oshared/userdb/{user}\t\n" for user in self.iter_userdb()
            )
            return f"{result}\n"
-    def iter_userdb(self) -> list:
+def handle_dovecot_protocol(rfile, wfile, db: Database, config: Config):
-        """Get a list of all user addresses."""
+    while True:
-        return [x for x in os.listdir(self.config.mailboxes_dir) if "@" in x]
+        msg = rfile.readline().strip().decode()
        if not msg:
            break
        res = handle_dovecot_request(msg, db, config)
        if res:
            wfile.write(res.encode("ascii"))
            wfile.flush()
        else:
            logging.warning("request had no answer: %r", msg)
    def lookup_userdb(self, addr):
        return self.config.get_user(addr).get_userdb_dict()
-    def lookup_passdb(self, addr, cleartext_password):
+class ThreadedUnixStreamServer(ThreadingMixIn, UnixStreamServer):
-        user = self.config.get_user(addr)
+    request_queue_size = 100
        userdata = user.get_userdb_dict()
        if userdata:
            return userdata
        if not is_allowed_to_create(self.config, addr, cleartext_password):
            return
        lock = filelock.FileLock(str(user.password_path) + ".lock", timeout=5)
        with lock:
            userdata = user.get_userdb_dict()
            if userdata:
                return userdata
            user.set_password(encrypt_password(cleartext_password))
            print(f"Created address: {addr}", file=sys.stderr)
        return user.get_userdb_dict()
 def main():
-    socket, cfgpath = sys.argv[1:]
+    socket = sys.argv[1]
-    config = read_config(cfgpath)
+    passwd_entry = pwd.getpwnam(sys.argv[2])
    db = Database(sys.argv[3])
    config = read_config(sys.argv[4])
-    migrate_from_db_to_maildir(config)
+    class Handler(StreamRequestHandler):
        def handle(self):
            try:
                handle_dovecot_protocol(self.rfile, self.wfile, db, config)
            except Exception:
                logging.exception("Exception in the handler")
                raise
-    dictproxy = AuthDictProxy(config=config)
+    try:
        os.unlink(socket)
    except FileNotFoundError:
        pass
-    dictproxy.serve_forever_from_socket(socket)
+    with ThreadedUnixStreamServer(socket, Handler) as server:
        os.chown(socket, uid=passwd_entry.pw_uid, gid=passwd_entry.pw_gid)
        try:
            server.serve_forever()
        except KeyboardInterrupt:
            pass
--- a/cmdeploy/src/cmdeploy/service/doveauth.service.f
+++ b/cmdeploy/src/cmdeploy/service/doveauth.service.f
@@ -2,12 +2,9 @@
 Description=Chatmail dict authentication proxy for dovecot
 [Service]
-ExecStart={execpath} /run/doveauth/doveauth.socket {config_path}
+ExecStart={execpath} /run/dovecot/doveauth.socket vmail /home/vmail/passdb.sqlite {config_path}
 Restart=always
 RestartSec=30
 User=vmail
 RuntimeDirectory=doveauth
 UMask=0077
 [Install]
 WantedBy=multi-user.target
--- a/chatmaild/src/chatmaild/echo.py
+++ b/chatmaild/src/chatmaild/echo.py
@@ -0,0 +1,84 @@
 #!/usr/bin/env python3
 """Advanced echo bot example.
 it will echo back any message that has non-empty text and also supports the /help command.
 """
 import logging
 import os
 import sys
 from deltachat_rpc_client import Bot, DeltaChat, EventType, Rpc, events
 from chatmaild.newemail import create_newemail_dict
 from chatmaild.config import read_config
 hooks = events.HookCollection()
@hooks.on(events.RawEvent)
 def log_event(event):
    if event.kind == EventType.INFO:
        logging.info(event.msg)
    elif event.kind == EventType.WARNING:
        logging.warning(event.msg)
@hooks.on(events.RawEvent(EventType.ERROR))
 def log_error(event):
    logging.error(event.msg)
@hooks.on(events.MemberListChanged)
 def on_memberlist_changed(event):
    logging.info(
        "member %s was %s", event.member, "added" if event.member_added else "removed"
    )
@hooks.on(events.GroupImageChanged)
 def on_group_image_changed(event):
    logging.info("group image %s", "deleted" if event.image_deleted else "changed")
@hooks.on(events.GroupNameChanged)
 def on_group_name_changed(event):
    logging.info("group name changed, old name: %s", event.old_name)
@hooks.on(events.NewMessage(func=lambda e: not e.command))
 def echo(event):
    snapshot = event.message_snapshot
    if snapshot.text or snapshot.file:
        snapshot.chat.send_message(text=snapshot.text, file=snapshot.file)
@hooks.on(events.NewMessage(command="/help"))
 def help_command(event):
    snapshot = event.message_snapshot
    snapshot.chat.send_text("Send me any message and I will echo it back")
 def main():
    path = os.environ.get("PATH")
    venv_path = sys.argv[0].strip("echobot")
    os.environ["PATH"] = path + ":" + venv_path
    with Rpc() as rpc:
        deltachat = DeltaChat(rpc)
        system_info = deltachat.get_system_info()
        logging.info("Running deltachat core %s", system_info.deltachat_core_version)
        accounts = deltachat.get_all_accounts()
        account = accounts[0] if accounts else deltachat.add_account()
        bot = Bot(account, hooks)
        if not bot.is_configured():
            config = read_config(sys.argv[1])
            password = create_newemail_dict(config).get("password")
            email = "echo@" + config.mail_domain
            bot.configure(email, password)
        bot.run_forever()
 if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    main()
--- a/chatmaild/src/chatmaild/echobot.service.f
+++ b/chatmaild/src/chatmaild/echobot.service.f
@@ -0,0 +1,11 @@
 [Unit]
 Description=Chatmail echo bot for testing it works
 [Service]
 ExecStart={execpath} {config_path}
 Environment="PATH={remote_venv_dir}:$PATH"
 Restart=always
 RestartSec=30
 [Install]
 WantedBy=multi-user.target
--- a/chatmaild/src/chatmaild/expire.py
+++ b/chatmaild/src/chatmaild/expire.py
@@ -1,292 +0,0 @@
 """
 Expire old messages and addresses.
 """
 import os
 import re
 import shutil
 import sys
 import time
 from argparse import ArgumentParser
 from collections import namedtuple
 from datetime import datetime
 from pathlib import Path
 from stat import S_ISREG
 from chatmaild.config import read_config
 FileEntry = namedtuple("FileEntry", ("path", "mtime", "size"))
 QuotaFileEntry = namedtuple("QuotaFileEntry", ("mtime", "quota_size", "path"))
 # Quota cleanup factor of max_mailbox_size. The mailbox is reset to this size.
 QUOTA_CLEANUP_FACTOR = 0.7
 # e.g. "cur/1775324677.M448978P3029757.exam,S=3235,W=3305:2,S"
 _dovecot_fn_rex = re.compile(r".+/(\d+)\..+,S=(\d+)")
 def iter_mailboxes(basedir, maxnum):
    if not os.path.exists(basedir):
        print_info(f"no mailboxes found at: {basedir}")
        return
    for name in os_listdir_if_exists(basedir)[:maxnum]:
        if "@" in name:
            yield MailboxStat(basedir + "/" + name)
 def get_file_entry(path):
    """return a FileEntry or None if the path does not exist or is not a regular file."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None
    if not S_ISREG(st.st_mode):
        return None
    return FileEntry(path, st.st_mtime, st.st_size)
 def os_listdir_if_exists(path):
    """return a list of names obtained from os.listdir or an empty list if the path does not exist."""
    try:
        return os.listdir(path)
    except FileNotFoundError:
        return []
 class MailboxStat:
    last_login = None
    def __init__(self, basedir):
        self.basedir = str(basedir)
        self.messages = []
        self.extrafiles = []
        self.scandir(self.basedir)
    def scandir(self, folderdir):
        for name in os_listdir_if_exists(folderdir):
            path = f"{folderdir}/{name}"
            if name in ("cur", "new", "tmp"):
                for msg_name in os_listdir_if_exists(path):
                    entry = get_file_entry(f"{path}/{msg_name}")
                    if entry is not None:
                        self.messages.append(entry)
            elif os.path.isdir(path):
                self.scandir(path)
            else:
                entry = get_file_entry(path)
                if entry is not None:
                    self.extrafiles.append(entry)
                    if name == "password":
                        self.last_login = entry.mtime
        self.extrafiles.sort(key=lambda x: -x.size)
 def parse_dovecot_filename(relpath):
    m = _dovecot_fn_rex.match(relpath)
    if not m:
        return None
    return QuotaFileEntry(int(m.group(1)), int(m.group(2)), relpath)
 def scan_mailbox_messages(mbox):
    messages = []
    for sub in ("cur", "new"):
        for name in os_listdir_if_exists(mbox / sub):
            if entry := parse_dovecot_filename(f"{sub}/{name}"):
                messages.append(entry)
    return messages
 def expire_to_target(mbox, target_bytes):
    messages = scan_mailbox_messages(mbox)
    total_size = sum(m.quota_size for m in messages)
    # Keep recent 24 hours of messages protected from expiry because
    # likely something is wrong with interactions on that address
    # and quota-full signal can help the address owner's device to notice it
    undeletable_messages_cutoff = time.time() - (3600 * 24)
    removed = 0
    for entry in sorted(messages):
        if total_size <= target_bytes:
            break
        if entry.mtime > undeletable_messages_cutoff:
            break
        (mbox / entry.path).unlink(missing_ok=True)
        total_size -= entry.quota_size
        removed += 1
    return removed
 def print_info(msg):
    print(msg, file=sys.stderr)
 class Expiry:
    def __init__(self, config, dry, now, verbose):
        self.config = config
        self.dry = dry
        self.now = now
        self.verbose = verbose
        self.del_mboxes = 0
        self.all_mboxes = 0
        self.del_files = 0
        self.all_files = 0
        self.start = time.time()
    def remove_mailbox(self, mboxdir):
        if self.verbose:
            print_info(f"removing {mboxdir}")
        if not self.dry:
            shutil.rmtree(mboxdir)
        self.del_mboxes += 1
    def remove_file(self, path, mtime=None):
        if self.verbose:
            if mtime is not None:
                date = datetime.fromtimestamp(mtime).strftime("%b %d")
                print_info(f"removing {date} {path}")
            else:
                print_info(f"removing {path}")
        if not self.dry:
            try:
                os.unlink(path)
            except FileNotFoundError:
                print_info(f"file not found/vanished {path}")
        self.del_files += 1
    def process_mailbox_stat(self, mbox):
        cutoff_without_login = (
            self.now - int(self.config.delete_inactive_users_after) * 86400
        )
        cutoff_mails = self.now - int(self.config.delete_mails_after) * 86400
        cutoff_large_mails = self.now - int(self.config.delete_large_after) * 86400
        self.all_mboxes += 1
        changed = False
        if mbox.last_login and mbox.last_login < cutoff_without_login:
            self.remove_mailbox(mbox.basedir)
            return
        mboxname = os.path.basename(mbox.basedir)
        if self.verbose:
            date = datetime.fromtimestamp(mbox.last_login) if mbox.last_login else None
            if date:
                print_info(f"checking mailbox {date.strftime('%b %d')} {mboxname}")
            else:
                print_info(f"checking mailbox (no last_login) {mboxname}")
        self.all_files += len(mbox.messages)
        for message in mbox.messages:
            if message.mtime < cutoff_mails:
                self.remove_file(message.path, mtime=message.mtime)
            elif message.size > 200000 and message.mtime < cutoff_large_mails:
                # we only remove noticed large files (not unnoticed ones in new/)
                parts = message.path.split("/")
                if len(parts) >= 2 and parts[-2] == "cur":
                    self.remove_file(message.path, mtime=message.mtime)
            else:
                continue
            changed = True
        target_bytes = (
            self.config.max_mailbox_size_mb * 1024 * 1024 * QUOTA_CLEANUP_FACTOR
        )
        removed = expire_to_target(Path(mbox.basedir), target_bytes)
        if removed:
            changed = True
            self.del_files += removed
            if self.verbose:
                print_info(
                    f"quota-expire: removed {removed} message(s) from {mboxname}"
                )
        if changed:
            self.remove_file(f"{mbox.basedir}/maildirsize")
    def get_summary(self):
        return (
            f"Removed {self.del_mboxes} out of {self.all_mboxes} mailboxes "
            f"and {self.del_files} out of {self.all_files} files in existing mailboxes "
            f"in {time.time() - self.start:2.2f} seconds"
        )
 def daily_expire_main(args=None):
    """Expire mailboxes and messages according to chatmail config"""
    parser = ArgumentParser(description=daily_expire_main.__doc__)
    ini = "/usr/local/lib/chatmaild/chatmail.ini"
    parser.add_argument(
        "chatmail_ini",
        action="store",
        nargs="?",
        help=f"path pointing to chatmail.ini file, default: {ini}",
        default=ini,
    )
    parser.add_argument(
        "--days", action="store", help="assume date to be days older than now"
    )
    parser.add_argument(
        "--maxnum",
        default=None,
        action="store",
        help="maximum number of mailboxes to iterate on",
    )
    parser.add_argument(
        "-v",
        dest="verbose",
        action="store_true",
        help="print out removed files and mailboxes",
    )
    parser.add_argument(
        "--remove",
        dest="remove",
        action="store_true",
        help="actually remove all expired files and dirs",
    )
    args = parser.parse_args(args)
    config = read_config(args.chatmail_ini)
    now = datetime.utcnow().timestamp()
    if args.days:
        now = now - 86400 * int(args.days)
    maxnum = int(args.maxnum) if args.maxnum else None
    exp = Expiry(config, dry=not args.remove, now=now, verbose=args.verbose)
    for mailbox in iter_mailboxes(str(config.mailboxes_dir), maxnum=maxnum):
        exp.process_mailbox_stat(mailbox)
    print(exp.get_summary())
 def quota_expire_main(args=None):
    """Remove mailbox messages to stay within a megabyte target.
    This entry point is called by dovecot when a quota threshold is passed.
    """
    parser = ArgumentParser(description=quota_expire_main.__doc__)
    parser.add_argument(
        "target_mb",
        type=int,
        help="target mailbox size in megabytes",
    )
    parser.add_argument(
        "mailbox_path",
        type=Path,
        help="path to a user mailbox",
    )
    args = parser.parse_args(args)
    target_bytes = args.target_mb * 1024 * 1024
    removed_count = expire_to_target(args.mailbox_path, target_bytes)
    if removed_count:
        (args.mailbox_path / "maildirsize").unlink(missing_ok=True)
        print(
            f"quota-expire: removed {removed_count} message(s)"
            f" from {args.mailbox_path.name}",
            file=sys.stderr,
        )
    return 0
--- a/chatmaild/src/chatmaild/filedict.py
+++ b/chatmaild/src/chatmaild/filedict.py
@@ -1,44 +0,0 @@
 import json
 import logging
 import os
 from contextlib import contextmanager
 from random import randint
 import filelock
 class FileDict:
    """Concurrency-safe multi-reader/single-writer persistent dict."""
    def __init__(self, path):
        self.path = path
        self.lock_path = path.with_name(path.name + ".lock")
    @contextmanager
    def modify(self):
        # the OS will release the lock if the process dies,
        # and the contextmanager will otherwise guarantee release
        with filelock.FileLock(self.lock_path):
            data = self.read()
            yield data
            write_path = self.path.with_name(self.path.name + ".tmp")
            with write_path.open("w") as f:
                json.dump(data, f)
            os.rename(write_path, self.path)
    def read(self):
        try:
            with self.path.open("r") as f:
                return json.load(f)
        except FileNotFoundError:
            return {}
        except Exception:
            logging.warning(f"corrupt serialization state at: {self.path!r}")
            return {}
 def write_bytes_atomic(path, content):
    rint = randint(0, 10000000)
    tmp = path.with_name(path.name + f".tmp-{rint}")
    tmp.write_bytes(content)
    os.rename(tmp, path)
--- a/chatmaild/src/chatmaild/filtermail.py
+++ b/chatmaild/src/chatmaild/filtermail.py
@@ -0,0 +1,163 @@
 #!/usr/bin/env python3
 import asyncio
 import logging
 import time
 import sys
 from email.parser import BytesParser
 from email import policy
 from email.utils import parseaddr
 from aiosmtpd.controller import Controller
 from smtplib import SMTP as SMTPClient
 from .config import read_config
 def check_encrypted(message):
    """Check that the message is an OpenPGP-encrypted message."""
    if not message.is_multipart():
        return False
    if message.get("subject") != "...":
        return False
    if message.get_content_type() != "multipart/encrypted":
        return False
    parts_count = 0
    for part in message.iter_parts():
        if parts_count == 0:
            if part.get_content_type() != "application/pgp-encrypted":
                return False
        elif parts_count == 1:
            if part.get_content_type() != "application/octet-stream":
                return False
        else:
            return False
        parts_count += 1
    return True
 def check_mdn(message, envelope):
    if len(envelope.rcpt_tos) != 1:
        return False
    for name in ["auto-submitted", "chat-version"]:
        if not message.get(name):
            return False
    if message.get_content_type() != "multipart/report":
        return False
    body = message.get_body()
    if body.get_content_type() != "text/plain":
        return False
    if list(body.iter_attachments()) or list(body.iter_parts()):
        return False
    # even with all mime-structural checks an attacker
    # could try to abuse the subject or body to contain links or other
    # annoyance -- we skip on checking subject/body for now as Delta Chat
    # should evolve to create E2E-encrypted read receipts anyway.
    # and then MDNs are just encrypted mail and can pass the border
    # to other instances.
    return True
 async def asyncmain_beforequeue(config):
    port = config.filtermail_smtp_port
    Controller(BeforeQueueHandler(config), hostname="127.0.0.1", port=port).start()
 class BeforeQueueHandler:
    def __init__(self, config):
        self.config = config
        self.send_rate_limiter = SendRateLimiter()
    async def handle_MAIL(self, server, session, envelope, address, mail_options):
        logging.info(f"handle_MAIL from {address}")
        envelope.mail_from = address
        max_sent = self.config.max_user_send_per_minute
        if not self.send_rate_limiter.is_sending_allowed(address, max_sent):
            return f"450 4.7.1: Too much mail from {address}"
        parts = envelope.mail_from.split("@")
        if len(parts) != 2:
            return f"500 Invalid from address <{envelope.mail_from!r}>"
        return "250 OK"
    async def handle_DATA(self, server, session, envelope):
        logging.info("handle_DATA before-queue")
        error = self.check_DATA(envelope)
        if error:
            return error
        logging.info("re-injecting the mail that passed checks")
        client = SMTPClient("localhost", self.config.postfix_reinject_port)
        client.sendmail(envelope.mail_from, envelope.rcpt_tos, envelope.content)
        return "250 OK"
    def check_DATA(self, envelope):
        """the central filtering function for e-mails."""
        logging.info(f"Processing DATA message from {envelope.mail_from}")
        message = BytesParser(policy=policy.default).parsebytes(envelope.content)
        mail_encrypted = check_encrypted(message)
        _, from_addr = parseaddr(message.get("from").strip())
        logging.info(f"mime-from: {from_addr} envelope-from: {envelope.mail_from!r}")
        if envelope.mail_from.lower() != from_addr.lower():
            return f"500 Invalid FROM <{from_addr!r}> for <{envelope.mail_from!r}>"
        if not mail_encrypted and check_mdn(message, envelope):
            return
        if envelope.mail_from in self.config.passthrough_senders:
            return
        passthrough_recipients = self.config.passthrough_recipients
        envelope_from_domain = from_addr.split("@").pop()
        for recipient in envelope.rcpt_tos:
            if envelope.mail_from == recipient:
                # Always allow sending emails to self.
                continue
            if recipient in passthrough_recipients:
                continue
            res = recipient.split("@")
            if len(res) != 2:
                return f"500 Invalid address <{recipient}>"
            _recipient_addr, recipient_domain = res
            is_outgoing = recipient_domain != envelope_from_domain
            if is_outgoing and not mail_encrypted:
                is_securejoin = message.get("secure-join") in [
                    "vc-request",
                    "vg-request",
                ]
                if not is_securejoin:
                    return f"500 Invalid unencrypted mail to <{recipient}>"
 class SendRateLimiter:
    def __init__(self):
        self.addr2timestamps = {}
    def is_sending_allowed(self, mail_from, max_send_per_minute):
        last = self.addr2timestamps.setdefault(mail_from, [])
        now = time.time()
        last[:] = [ts for ts in last if ts >= (now - 60)]
        if len(last) <= max_send_per_minute:
            last.append(now)
            return True
        return False
 def main():
    args = sys.argv[1:]
    assert len(args) == 1
    config = read_config(args[0])
    logging.basicConfig(level=logging.WARN)
    loop = asyncio.new_event_loop()
    asyncio.set_event_loop(loop)
    task = asyncmain_beforequeue(config)
    loop.create_task(task)
    loop.run_forever()
--- a/chatmaild/src/chatmaild/filtermail.service.f
+++ b/chatmaild/src/chatmaild/filtermail.service.f
@@ -0,0 +1,10 @@
 [Unit]
 Description=Chatmail Postfix BeforeQeue filter 
 [Service]
 ExecStart={execpath} {config_path}
 Restart=always
 RestartSec=30
 [Install]
 WantedBy=multi-user.target
--- a/chatmaild/src/chatmaild/fsreport.py
+++ b/chatmaild/src/chatmaild/fsreport.py
@@ -1,287 +0,0 @@
 """
 command line tool to analyze mailbox message storage
 example invocation:
    python -m chatmaild.fsreport /path/to/chatmail.ini
 to show storage summaries for all "cur" folders
    python -m chatmaild.fsreport /path/to/chatmail.ini --mdir cur
 to show storage summaries only for first 1000 mailboxes
    python -m chatmaild.fsreport /path/to/chatmail.ini --maxnum 1000
 to write Prometheus textfile for node_exporter
    python -m chatmaild.fsreport --textfile /var/lib/prometheus/node-exporter/
 writes to /var/lib/prometheus/node-exporter/fsreport.prom
 to also write legacy metrics.py style output (default: /var/www/html/metrics):
    python -m chatmaild.fsreport --textfile /var/lib/prometheus/node-exporter/ --legacy-metrics
 """
 import os
 import tempfile
 from argparse import ArgumentParser
 from datetime import datetime
 from chatmaild.config import read_config
 from chatmaild.expire import iter_mailboxes
 DAYSECONDS = 24 * 60 * 60
 MONTHSECONDS = DAYSECONDS * 30
 def HSize(size: int):
    """Format a size integer as a Human-readable string Kilobyte, Megabyte or Gigabyte"""
    if size < 10000:
        return f"{size / 1000:5.2f}K"
    if size < 1000 * 1000:
        return f"{size / 1000:5.0f}K"
    if size < 1000 * 1000 * 1000:
        return f"{int(size / 1000000):5.0f}M"
    return f"{size / 1000000000:5.2f}G"
 class Report:
    def __init__(self, now, min_login_age, mdir):
        self.size_extra = 0
        self.size_messages = 0
        self.now = now
        self.min_login_age = min_login_age
        self.mdir = mdir
        self.num_ci_logins = self.num_all_logins = 0
        self.login_buckets = {x: 0 for x in (1, 10, 30, 40, 80, 100, 150)}
        KiB = 1024
        MiB = 1024 * KiB
        self.message_size_thresholds = (
            0,
            100 * KiB,
            MiB // 2,
            1 * MiB,
            2 * MiB,
            5 * MiB,
            10 * MiB,
        )
        self.message_buckets = {x: 0 for x in self.message_size_thresholds}
        self.message_count_buckets = {x: 0 for x in self.message_size_thresholds}
    def process_mailbox_stat(self, mailbox):
        # categorize login times
        last_login = mailbox.last_login
        if last_login:
            self.num_all_logins += 1
            if os.path.basename(mailbox.basedir)[:3] == "ci-":
                self.num_ci_logins += 1
            else:
                for days in self.login_buckets:
                    if last_login >= self.now - days * DAYSECONDS:
                        self.login_buckets[days] += 1
        cutoff_login_date = self.now - self.min_login_age * DAYSECONDS
        if last_login and last_login <= cutoff_login_date:
            # categorize message sizes
            for size in self.message_buckets:
                for msg in mailbox.messages:
                    if msg.size >= size:
                        if self.mdir and f"/{self.mdir}/" not in msg.path:
                            continue
                        self.message_buckets[size] += msg.size
                        self.message_count_buckets[size] += 1
        self.size_messages += sum(entry.size for entry in mailbox.messages)
        self.size_extra += sum(entry.size for entry in mailbox.extrafiles)
    def dump_summary(self):
        all_messages = self.size_messages
        print()
        print("## Mailbox storage use analysis")
        print(f"Mailbox data total size: {HSize(self.size_extra + all_messages)}")
        print(f"Messages total size    : {HSize(all_messages)}")
        try:
            percent = self.size_extra / (self.size_extra + all_messages) * 100
        except ZeroDivisionError:
            percent = 100
        print(f"Extra files : {HSize(self.size_extra)} ({percent:.2f}%)")
        print()
        if self.min_login_age:
            print(f"### Message storage for {self.min_login_age} days old logins")
        pref = f"[{self.mdir}] " if self.mdir else ""
        for minsize, sumsize in self.message_buckets.items():
            count = self.message_count_buckets[minsize]
            percent = (sumsize / all_messages * 100) if all_messages else 0
            print(
                f"{pref}larger than {HSize(minsize)}: {HSize(sumsize)} ({percent:.2f}%), {count} msgs"
            )
        user_logins = self.num_all_logins - self.num_ci_logins
        def p(num):
            return f"({num / user_logins * 100:2.2f}%)" if user_logins else "100%"
        print()
        print(f"## Login stats, from date reference {datetime.fromtimestamp(self.now)}")
        print(f"all:     {HSize(self.num_all_logins)}")
        print(f"non-ci:  {HSize(user_logins)}")
        print(f"ci:      {HSize(self.num_ci_logins)}")
        for days, active in self.login_buckets.items():
            print(f"last {days:3} days: {HSize(active)} {p(active)}")
    def _write_atomic(self, filepath, content):
        """Atomically write content to filepath via tmp+rename."""
        dirpath = os.path.dirname(os.path.abspath(filepath))
        fd, tmppath = tempfile.mkstemp(dir=dirpath, suffix=".tmp")
        try:
            with os.fdopen(fd, "w") as f:
                f.write(content)
            os.chmod(tmppath, 0o644)
            os.rename(tmppath, filepath)
        except BaseException:
            try:
                os.unlink(tmppath)
            except OSError:
                pass
            raise
    def dump_textfile(self, filepath):
        """Dump metrics in Prometheus exposition format."""
        lines = []
        lines.append("# HELP chatmail_storage_bytes Mailbox storage in bytes.")
        lines.append("# TYPE chatmail_storage_bytes gauge")
        lines.append(f'chatmail_storage_bytes{{kind="messages"}} {self.size_messages}')
        lines.append(f'chatmail_storage_bytes{{kind="extra"}} {self.size_extra}')
        total = self.size_extra + self.size_messages
        lines.append(f'chatmail_storage_bytes{{kind="total"}} {total}')
        lines.append("# HELP chatmail_messages_bytes Sum of msg bytes >= threshold.")
        lines.append("# TYPE chatmail_messages_bytes gauge")
        for minsize, sumsize in self.message_buckets.items():
            lines.append(f'chatmail_messages_bytes{{min_size="{minsize}"}} {sumsize}')
        lines.append("# HELP chatmail_messages_count Number of msgs >= size threshold.")
        lines.append("# TYPE chatmail_messages_count gauge")
        for minsize, count in self.message_count_buckets.items():
            lines.append(f'chatmail_messages_count{{min_size="{minsize}"}} {count}')
        lines.append("# HELP chatmail_accounts Number of accounts.")
        lines.append("# TYPE chatmail_accounts gauge")
        user_logins = self.num_all_logins - self.num_ci_logins
        lines.append(f'chatmail_accounts{{kind="all"}} {self.num_all_logins}')
        lines.append(f'chatmail_accounts{{kind="ci"}} {self.num_ci_logins}')
        lines.append(f'chatmail_accounts{{kind="user"}} {user_logins}')
        lines.append(
            "# HELP chatmail_accounts_active Non-CI accounts active within N days."
        )
        lines.append("# TYPE chatmail_accounts_active gauge")
        for days, active in self.login_buckets.items():
            lines.append(f'chatmail_accounts_active{{days="{days}"}} {active}')
        self._write_atomic(filepath, "\n".join(lines) + "\n")
    def dump_compat_textfile(self, filepath):
        """Dump legacy metrics.py style metrics."""
        user_logins = self.num_all_logins - self.num_ci_logins
        lines = [
            "# HELP total number of accounts",
            "# TYPE accounts gauge",
            f"accounts {self.num_all_logins}",
            "# HELP number of CI accounts",
            "# TYPE ci_accounts gauge",
            f"ci_accounts {self.num_ci_logins}",
            "# HELP number of non-CI accounts",
            "# TYPE nonci_accounts gauge",
            f"nonci_accounts {user_logins}",
        ]
        self._write_atomic(filepath, "\n".join(lines) + "\n")
 def main(args=None):
    """Report about filesystem storage usage of all mailboxes and messages"""
    parser = ArgumentParser(description=main.__doc__)
    ini = "/usr/local/lib/chatmaild/chatmail.ini"
    parser.add_argument(
        "chatmail_ini",
        action="store",
        nargs="?",
        help=f"path pointing to chatmail.ini file, default: {ini}",
        default=ini,
    )
    parser.add_argument(
        "--days",
        default=0,
        action="store",
        help="assume date to be DAYS older than now",
    )
    parser.add_argument(
        "--min-login-age",
        default=0,
        metavar="DAYS",
        dest="min_login_age",
        action="store",
        help="only sum up message size if last login is at least DAYS days old",
    )
    parser.add_argument(
        "--mdir",
        metavar="{cur,new,tmp}",
        action="store",
        help="only consider messages in specified Maildir subdirectory for summary",
    )
    parser.add_argument(
        "--maxnum",
        default=None,
        action="store",
        help="maximum number of mailboxes to iterate on",
    )
    parser.add_argument(
        "--textfile",
        metavar="PATH",
        default=None,
        help="write Prometheus textfile to PATH (directory or file); "
        "if PATH is a directory, writes 'fsreport.prom' inside it",
    )
    parser.add_argument(
        "--legacy-metrics",
        metavar="FILENAME",
        nargs="?",
        const="/var/www/html/metrics",
        default=None,
        help="write legacy metrics.py textfile (default: /var/www/html/metrics)",
    )
    args = parser.parse_args(args)
    config = read_config(args.chatmail_ini)
    now = datetime.utcnow().timestamp()
    if args.days:
        now = now - 86400 * int(args.days)
    maxnum = int(args.maxnum) if args.maxnum else None
    rep = Report(now=now, min_login_age=int(args.min_login_age), mdir=args.mdir)
    for mbox in iter_mailboxes(str(config.mailboxes_dir), maxnum=maxnum):
        rep.process_mailbox_stat(mbox)
    if args.textfile:
        path = args.textfile
        if os.path.isdir(path):
            path = os.path.join(path, "fsreport.prom")
        rep.dump_textfile(path)
    if args.legacy_metrics:
        rep.dump_compat_textfile(args.legacy_metrics)
    if not args.textfile and not args.legacy_metrics:
        rep.dump_summary()
 if __name__ == "__main__":
    main()
--- a/chatmaild/src/chatmaild/ini/chatmail.ini.f
+++ b/chatmaild/src/chatmaild/ini/chatmail.ini.f
@@ -8,30 +8,17 @@ mail_domain = {mail_domain}
 #
 #
-# Restrictions on user addresses
+# Account Restrictions
 #
-# email sending rate per user and minute
+# how many mails a user can send out per minute
 max_user_send_per_minute = 60
-# per-user max burst size for sending rate limiting (GCRA bucket capacity)
+# maximum mailbox size of a chatmail account
-max_user_send_burst_size = 10
+max_mailbox_size = 100M
 # maximum mailbox size of a chatmail address
 # Oldest messages will be removed automatically, so mailboxes never run full.
 max_mailbox_size = 500M
 # maximum message size for an e-mail in bytes
 max_message_size = 31457280
 # days after which mails are unconditionally deleted
-delete_mails_after = 20
+delete_mails_after = 40
 # days after which large messages (>200k) are unconditionally deleted
 delete_large_after = 7
 # days after which users without a successful login are deleted (database and mails)
 delete_inactive_users_after = 90
 # minimum length a username must have
 username_min_length = 9
@@ -42,81 +29,22 @@ username_max_length = 9
 # minimum length a password must have
 password_min_length = 9
-# list of chatmail addresses which can send outbound un-encrypted mail
+# list of chatmail accounts which can send outbound un-encrypted mail
 passthrough_senders =
 # list of e-mail recipients for which to accept outbound un-encrypted mails
-# (space-separated, item may start with "@" to whitelist whole recipient domains)
+passthrough_recipients = xstore@testrun.org groupsbot@hispanilandia.net
 passthrough_recipients =
 # Use externally managed TLS certificates instead of built-in acmetool.
 # Paths refer to files on the deployment server (not the build machine).
 # Both files must already exist before running cmdeploy.
 # Certificate renewal is your responsibility; changed files are
 # picked up automatically by all relay services.
 # tls_external_cert_and_key = /path/to/fullchain.pem /path/to/privkey.pem
 # path to www directory - documented here: https://chatmail.at/doc/relay/getting_started.html#custom-web-pages
 #www_folder = www
 #
 # Deployment Details
 #
-# SMTP outgoing filtermail and reinjection 
+# where the filtermail SMTP service listens
 filtermail_smtp_port = 10080
 # postfix accepts on the localhost reinject SMTP port
 postfix_reinject_port = 10025
 # SMTP incoming filtermail and reinjection 
 filtermail_smtp_port_incoming = 10081
 postfix_reinject_port_incoming = 10026
 # if set to "True" IPv6 is disabled
 disable_ipv6 = False
 # Your email adress, which will be used in acmetool to manage Let's Encrypt SSL certificates
 acme_email = 
 # Defaults to https://iroh.{{mail_domain}} and running `iroh-relay` on the chatmail
 # service.
 # If you set it to anything else, the service will be disabled
 # and users will be directed to use the given iroh relay URL.
 # Set it to empty string if you want users to use their default iroh relay.
 # iroh_relay =
 # Address on which `mtail` listens,
 # e.g. 127.0.0.1 or some private network
 # address like 192.168.10.1.
 # You can point Prometheus
 # or some other OpenMetrics-compatible
 # collector to
 # http://{{mtail_address}}:3903/metrics
 # and display collected metrics with Grafana.
 #
 # WARNING: do not expose this service
 # to the public IP address.
 #
 # `mtail is not running if the setting is not set.
 # mtail_address = 127.0.0.1
 #
 # Debugging options 
 #
 # set to True if you want to track imap protocol execution
 # in per-maildir ".in/.out" files. 
 # Note that you need to manually cleanup these files
 # so use this option with caution on production servers. 
 imap_rawlog = false 
 # set to true if you want to enable the IMAP COMPRESS Extension,
 # which allows IMAP connections to be efficiently compressed.
 # WARNING: Enabling this makes it impossible to hibernate IMAP
 # processes which will result in much higher memory/RAM usage.
 imap_compress = false
 #
 # Privacy Policy
 #
@@ -132,3 +60,4 @@ privacy_pdo =
 # postal address of the privacy supervisor
 privacy_supervisor =
--- a/chatmaild/src/chatmaild/ini/override-testrun.ini
+++ b/chatmaild/src/chatmaild/ini/override-testrun.ini
@@ -1,7 +1,7 @@
 [privacy]
-passthrough_recipients = privacy@testrun.org echo@{mail_domain}
+passthrough_recipients = privacy@testrun.org xstore@testrun.org groupsbot@hispanilandia.net
 privacy_postal =
    Merlinux GmbH, Represented by the managing director H. Krekel,
--- a/chatmaild/src/chatmaild/lastlogin.py
+++ b/chatmaild/src/chatmaild/lastlogin.py
@@ -1,29 +0,0 @@
 import sys
 from .config import read_config
 from .dictproxy import DictProxy
 class LastLoginDictProxy(DictProxy):
    def __init__(self, config):
        super().__init__()
        self.config = config
    def handle_set(self, addr, parts):
        keyname = parts[1].split("/")
        value = parts[2] if len(parts) > 2 else ""
        if keyname[0] == "shared" and keyname[1] == "last-login":
            addr = keyname[2]
            timestamp = int(value)
            user = self.config.get_user(addr)
            user.set_last_login_timestamp(timestamp)
            return True
        return False
 def main():
    socket, config_path = sys.argv[1:]
    config = read_config(config_path)
    dictproxy = LastLoginDictProxy(config=config)
    dictproxy.serve_forever_from_socket(socket)
--- a/chatmaild/src/chatmaild/metadata.py
+++ b/chatmaild/src/chatmaild/metadata.py
@@ -1,158 +0,0 @@
 import logging
 import sys
 import time
 from contextlib import contextmanager
 from .config import read_config
 from .dictproxy import DictProxy
 from .filedict import FileDict
 from .notifier import Notifier
 from .turnserver import turn_credentials
 def _is_valid_token_timestamp(timestamp, now):
    # Token if invalid after 90 days
    # or if the timestamp is in the future.
    return timestamp > now - 3600 * 24 * 90 and timestamp < now + 60
 class Metadata:
    # each SETMETADATA on this key appends to dictionary
    # mapping of unique device tokens
    # which only ever get removed if the upstream indicates the token is invalid
    DEVICETOKEN_KEY = "devicetoken"
    def __init__(self, vmail_dir):
        self.vmail_dir = vmail_dir
    def get_metadata_dict(self, addr):
        return FileDict(self.vmail_dir / addr / "metadata.json")
    @contextmanager
    def _modify_tokens(self, addr):
        with self.get_metadata_dict(addr).modify() as data:
            tokens = data.setdefault(self.DEVICETOKEN_KEY, {})
            now = int(time.time())
            if isinstance(tokens, list):
                data[self.DEVICETOKEN_KEY] = tokens = {t: now for t in tokens}
            expired_tokens = [
                token
                for token, timestamp in tokens.items()
                if not _is_valid_token_timestamp(tokens[token], now)
            ]
            for expired_token in expired_tokens:
                del tokens[expired_token]
            yield tokens
    def add_token_to_addr(self, addr, token):
        with self._modify_tokens(addr) as tokens:
            tokens[token] = int(time.time())
    def remove_token_from_addr(self, addr, token):
        with self._modify_tokens(addr) as tokens:
            if token in tokens:
                del tokens[token]
    def get_tokens_for_addr(self, addr):
        mdict = self.get_metadata_dict(addr).read()
        tokens = mdict.get(self.DEVICETOKEN_KEY, {})
        now = int(time.time())
        if isinstance(tokens, dict):
            token_list = [
                token
                for token, timestamp in tokens.items()
                if _is_valid_token_timestamp(timestamp, now)
            ]
            if len(token_list) < len(tokens):
                # Some tokens have expired, remove them.
                with self._modify_tokens(addr) as _tokens:
                    pass
        elif isinstance(tokens, list):
            with self._modify_tokens(addr) as tokens:
                token_list = list(tokens.keys())
        else:
            token_list = []
        return token_list
 class MetadataDictProxy(DictProxy):
    def __init__(self, notifier, metadata, iroh_relay=None, turn_hostname=None):
        super().__init__()
        self.notifier = notifier
        self.metadata = metadata
        self.iroh_relay = iroh_relay
        self.turn_hostname = turn_hostname
    def handle_lookup(self, parts):
        # Lpriv/43f5f508a7ea0366dff30200c15250e3/devicetoken\tlkj123poi@c2.testrun.org
        keyparts = parts[0].split("/", 2)
        if keyparts[0] == "priv":
            keyname = keyparts[2]
            addr = parts[1]
            if keyname == self.metadata.DEVICETOKEN_KEY:
                res = " ".join(self.metadata.get_tokens_for_addr(addr))
                return f"O{res}\n"
        elif keyparts[0] == "shared":
            keyname = keyparts[2]
            if (
                keyname == "vendor/vendor.dovecot/pvt/server/vendor/deltachat/irohrelay"
                and self.iroh_relay
            ):
                # Handle `GETMETADATA "" /shared/vendor/deltachat/irohrelay`
                return f"O{self.iroh_relay}\n"
            elif keyname == "vendor/vendor.dovecot/pvt/server/vendor/deltachat/turn":
                try:
                    res = turn_credentials()
                except Exception:
                    logging.exception("failed to get TURN credentials")
                    return "N\n"
                port = 3478
                return f"O{self.turn_hostname}:{port}:{res}\n"
        logging.warning(f"lookup ignored: {parts!r}")
        return "N\n"
    def handle_set(self, addr, parts):
        # For documentation on key structure see
        # https://github.com/dovecot/core/blob/main/src/lib-storage/mailbox-attribute.h
        keyname = parts[1].split("/")
        value = parts[2] if len(parts) > 2 else ""
        if keyname[0] == "priv" and keyname[2] == self.metadata.DEVICETOKEN_KEY:
            self.metadata.add_token_to_addr(addr, value)
            return True
        elif keyname[0] == "priv" and keyname[2] == "messagenew":
            self.notifier.new_message_for_addr(addr, self.metadata)
            return True
        return False
 def main():
    socket, config_path = sys.argv[1:]
    config = read_config(config_path)
    iroh_relay = config.iroh_relay
    mail_domain = config.mail_domain
    vmail_dir = config.mailboxes_dir
    if not vmail_dir.exists():
        logging.error("vmail dir does not exist: %r", vmail_dir)
        return 1
    queue_dir = vmail_dir / "pending_notifications"
    queue_dir.mkdir(exist_ok=True)
    metadata = Metadata(vmail_dir)
    notifier = Notifier(queue_dir)
    notifier.start_notification_threads(metadata.remove_token_from_addr)
    dictproxy = MetadataDictProxy(
        notifier=notifier,
        metadata=metadata,
        iroh_relay=iroh_relay,
        turn_hostname=mail_domain,
    )
    dictproxy.serve_forever_from_socket(socket)
--- a/chatmaild/src/chatmaild/metrics.py
+++ b/chatmaild/src/chatmaild/metrics.py
@@ -0,0 +1,25 @@
 #!/usr/bin/env python3
 from pathlib import Path
 import time
 import sys
 def main(vmail_dir=None):
    if vmail_dir is None:
        vmail_dir = sys.argv[1]
    accounts = 0
    ci_accounts = 0
    for path in Path(vmail_dir).iterdir():
        accounts += 1
        if path.name[:3] in ("ci-", "ac_"):
            ci_accounts += 1
    timestamp = int(time.time() * 1000)
    print(f"accounts {accounts} {timestamp}")
    print(f"ci_accounts {ci_accounts} {timestamp}")
 if __name__ == "__main__":
    main()
--- a/chatmaild/src/chatmaild/migrate_db.py
+++ b/chatmaild/src/chatmaild/migrate_db.py
@@ -1,63 +0,0 @@
 """
 migration code from old sqlite databases into per-maildir "password" files
 where mtime reflects and is updated to be the "last-login" time.
 """
 import logging
 import os
 import sqlite3
 import sys
 from chatmaild.config import read_config
 def get_all_rows(path):
    assert path.exists()
    uri = f"file:{path}?mode=ro"
    sqlconn = sqlite3.connect(uri, timeout=60, isolation_level="DEFERRED", uri=True)
    cur = sqlconn.cursor()
    cur.execute("SELECT * from users")
    rows = cur.fetchall()
    sqlconn.close()
    return rows
 def migrate_from_db_to_maildir(config, chunking=10000):
    path = config.passdb_path
    if not path.exists():
        return
    all_rows = get_all_rows(path)
    # don't transfer special/CI accounts
    rows = [row for row in all_rows if row[0][:3] not in ("ci-", "ac_")]
    logging.info(f"ignoring {len(all_rows) - len(rows)} CI accounts")
    logging.info(f"migrating {len(rows)} sqlite database passwords to user dirs")
    for i, row in enumerate(rows):
        addr = row[0]
        enc_password = row[1]
        user = config.get_user(addr)
        user.set_password(enc_password)
        if len(row) == 3 and row[2]:
            timestamp = int(row[2])
            user.set_last_login_timestamp(timestamp)
        if i > 0 and i % chunking == 0:
            logging.info(f"migration-progress: {i} passwords transferred")
    logging.info("migration: all passwords migrated")
    oldpath = config.passdb_path.with_suffix(config.passdb_path.suffix + ".old")
    os.rename(config.passdb_path, oldpath)
    for path in config.passdb_path.parent.iterdir():
        if path.name.startswith(config.passdb_path.name + "-"):
            path.unlink()
    logging.info(f"migration: moved database to {oldpath!r}")
 if __name__ == "__main__":
    config = read_config(sys.argv[1])
    logging.basicConfig(level=logging.INFO)
    migrate_from_db_to_maildir(config)
--- a/chatmaild/src/chatmaild/newemail.py
+++ b/chatmaild/src/chatmaild/newemail.py
@@ -1,61 +1,35 @@
 #!/usr/local/lib/chatmaild/venv/bin/python3
-"""CGI script for creating new accounts."""
+""" CGI script for creating new accounts. """
 import ipaddress
 import json
 import random
 import secrets
 import string
 from urllib.parse import quote
-from chatmaild.config import Config, read_config
+from chatmaild.config import read_config, Config
 CONFIG_PATH = "/usr/local/lib/chatmaild/chatmail.ini"
 ALPHANUMERIC = string.ascii_lowercase + string.digits
 ALPHANUMERIC_PUNCT = string.ascii_letters + string.digits + string.punctuation
 def wrap_ip(host):
    if host.startswith("[") and host.endswith("]"):
        return host
    try:
        ipaddress.ip_address(host)
        return f"[{host}]"
    except ValueError:
        return host
 def create_newemail_dict(config: Config):
-    user = "".join(
+    user = "".join(random.choices(ALPHANUMERIC, k=config.username_min_length))
        secrets.choice(ALPHANUMERIC) for _ in range(config.username_max_length)
    )
    password = "".join(
        secrets.choice(ALPHANUMERIC_PUNCT)
        for _ in range(config.password_min_length + 3)
    )
-    return dict(email=f"{user}@{wrap_ip(config.mail_domain)}", password=f"{password}")
+    return dict(email=f"{user}@{config.mail_domain}", password=f"{password}")
 def create_dclogin_url(email, password):
    """Build a dclogin: URL with credentials and self-signed cert acceptance.
    Uses ic=3 (AcceptInvalidCertificates) so chatmail clients
    can connect to servers with self-signed TLS certificates.
    """
    return f"dclogin:{quote(email, safe='@')}?p={quote(password, safe='')}&v=1&ic=3"
 def print_new_account():
    config = read_config(CONFIG_PATH)
    creds = create_newemail_dict(config)
    result = dict(email=creds["email"], password=creds["password"])
    if config.tls_cert_mode == "self":
        result["dclogin_url"] = create_dclogin_url(creds["email"], creds["password"])
    print("Content-Type: application/json")
    print("")
-    print(json.dumps(result))
+    print(json.dumps(creds))
 if __name__ == "__main__":
--- a/chatmaild/src/chatmaild/notifier.py
+++ b/chatmaild/src/chatmaild/notifier.py
@@ -1,171 +0,0 @@
 """
 This modules provides notification machinery for transmitting device tokens to
 a central notification server which in turn contacts a phone provider's notification server
 to trigger Delta Chat apps to retrieve messages and provide instant notifications to users.
 The Notifier class arranges the queuing of tokens in separate PriorityQueues
 from which NotifyThreads take and transmit them via HTTPS
 to the `notifications.delta.chat` service.
 The current lack of proper HTTP/2-support in Python leads us
 to use multiple threads and connections to the Rust-implemented `notifications.delta.chat`
 which itself uses HTTP/2 and thus only a single connection to phone-notification providers.
 If a token fails to cause a successful notification
 it is moved to a retry-number specific PriorityQueue
 which handles all tokens that failed a particular number of times
 and which are scheduled for retry using exponential back-off timing.
 If a token notification would be scheduled more than DROP_DEADLINE seconds
 after its first attempt, it is dropped with a log error.
 Note that tokens are opaque to the notification machinery here
 and are encrypted foreclosing all ability to distinguish
 which device token ultimately goes to which phone-provider notification service,
 or to understand the relation of "device tokens" and chatmail addresses.
 The meaning and format of tokens is basically a matter of chatmail Core and
 the `notification.delta.chat` service.
 """
 import logging
 import math
 import os
 import time
 from dataclasses import dataclass
 from pathlib import Path
 from queue import PriorityQueue
 from threading import Thread
 from uuid import uuid4
 import requests
@dataclass
 class PersistentQueueItem:
    path: Path
    addr: str
    start_ts: int
    token: str
    def delete(self):
        self.path.unlink(missing_ok=True)
    @classmethod
    def create(cls, queue_dir, addr, start_ts, token):
        queue_id = uuid4().hex
        start_ts = int(start_ts)
        path = queue_dir.joinpath(queue_id)
        tmp_path = path.with_name(path.name + ".tmp")
        tmp_path.write_text(f"{addr}\n{start_ts}\n{token}")
        os.rename(tmp_path, path)
        return cls(path, addr, start_ts, token)
    @classmethod
    def read_from_path(cls, path):
        addr, start_ts, token = path.read_text().split("\n", maxsplit=2)
        return cls(path, addr, int(start_ts), token)
    def __lt__(self, other):
        return self.start_ts < other.start_ts
 class Notifier:
    URL = "https://notifications.delta.chat/notify"
    CONNECTION_TIMEOUT = 60.0  # seconds until http-request is given up
    BASE_DELAY = 8.0  # base seconds for exponential back-off delay
    DROP_DEADLINE = 5 * 60 * 60  #  drop notifications after 5 hours
    def __init__(self, queue_dir):
        self.queue_dir = queue_dir
        max_tries = int(math.log(self.DROP_DEADLINE, self.BASE_DELAY)) + 1
        self.retry_queues = [PriorityQueue() for _ in range(max_tries)]
    def compute_delay(self, retry_num):
        return 0 if retry_num == 0 else pow(self.BASE_DELAY, retry_num)
    def new_message_for_addr(self, addr, metadata):
        start_ts = int(time.time())
        for token in metadata.get_tokens_for_addr(addr):
            queue_item = PersistentQueueItem.create(
                self.queue_dir, addr, start_ts, token
            )
            self.queue_for_retry(queue_item)
    def requeue_persistent_queue_items(self):
        for queue_path in self.queue_dir.iterdir():
            if queue_path.name.endswith(".tmp"):
                logging.warning(f"removing spurious queue item: {queue_path!r}")
                queue_path.unlink()
                continue
            try:
                queue_item = PersistentQueueItem.read_from_path(queue_path)
            except ValueError:
                logging.warning(f"removing spurious queue item: {queue_path!r}")
                queue_path.unlink()
                continue
            self.queue_for_retry(queue_item)
    def queue_for_retry(self, queue_item, retry_num=0):
        delay = self.compute_delay(retry_num)
        when = int(time.time()) + delay
        deadline = queue_item.start_ts + self.DROP_DEADLINE
        if retry_num >= len(self.retry_queues) or when > deadline:
            queue_item.delete()
            logging.error(f"notification exceeded deadline: {queue_item.token!r}")
            return
        self.retry_queues[retry_num].put((when, queue_item))
    def start_notification_threads(self, remove_token_from_addr):
        self.requeue_persistent_queue_items()
        threads = {}
        for retry_num in range(len(self.retry_queues)):
            # use 4 threads for first-try tokens and less for subsequent tries
            num_threads = 4 if retry_num == 0 else 2
            threads[retry_num] = []
            for _ in range(num_threads):
                thread = NotifyThread(self, retry_num, remove_token_from_addr)
                threads[retry_num].append(thread)
                thread.start()
        return threads
 class NotifyThread(Thread):
    def __init__(self, notifier, retry_num, remove_token_from_addr):
        super().__init__(daemon=True)
        self.notifier = notifier
        self.retry_num = retry_num
        self.remove_token_from_addr = remove_token_from_addr
    def stop(self):
        self.notifier.retry_queues[self.retry_num].put((None, None))
    def run(self):
        requests_session = requests.Session()
        while self.retry_one(requests_session):
            pass
    def retry_one(self, requests_session, sleep=time.sleep):
        when, queue_item = self.notifier.retry_queues[self.retry_num].get()
        if when is None:
            return False
        wait_time = when - int(time.time())
        if wait_time > 0:
            sleep(wait_time)
        self.perform_request_to_notification_server(requests_session, queue_item)
        return True
    def perform_request_to_notification_server(self, requests_session, queue_item):
        timeout = self.notifier.CONNECTION_TIMEOUT
        token = queue_item.token
        try:
            res = requests_session.post(self.notifier.URL, data=token, timeout=timeout)
        except requests.exceptions.RequestException as e:
            res = e
        else:
            if res.status_code in (200, 410):
                if res.status_code == 410:
                    self.remove_token_from_addr(queue_item.addr, token)
                queue_item.delete()
                return
        logging.warning(f"Notification request failed: {res!r}")
        self.notifier.queue_for_retry(queue_item, retry_num=self.retry_num + 1)
--- a/chatmaild/src/chatmaild/tests/mail-data/asm.eml
+++ b/chatmaild/src/chatmaild/tests/mail-data/asm.eml
@@ -1,56 +0,0 @@
 From: {from_addr}
 To: {to_addr}
 Autocrypt-Setup-Message: v1
 Subject: Autocrypt Setup Message
 Date: Tue, 22 Jan 2019 12:56:29 +0100
 Content-type: multipart/mixed; boundary="Y6fyGi9SoGeH8WwRaEdC6bbBcYOedDzrQ"
 --Y6fyGi9SoGeH8WwRaEdC6bbBcYOedDzrQ
 Content-Type: text/plain
 This message contains all information to transfer your Autocrypt
 settings along with your secret key securely from your original
 device.
 To set up your new device for Autocrypt, please follow the
 instuctions that should be presented by your new device.
 You can keep this message and use it as a backup for your secret
 key. If you want to do this, you should write down the Setup Code
 and store it securely.
 --Y6fyGi9SoGeH8WwRaEdC6bbBcYOedDzrQ
 Content-Type: application/autocrypt-setup
 Content-Disposition: attachment; filename="autocrypt-setup-message.html"
 <html><body>
 <p>
 This is the Autocrypt setup file used to transfer settings and
 keys between clients. You can decrypt it using the Setup Code
 presented on your old device, and then import the contained key
 into your keyring.
 </p>
 <pre>
 -----BEGIN PGP MESSAGE-----
 Passphrase-Format: numeric9x4
 Passphrase-Begin: 17
 jA0EBwMCFAxADoCdzeX/0ukBlqI5+pfpKb751qd/7nLNbkpy3gVcaf1QwRPZYt40
 Ynp08UqRQ2g48ZlnzHLSwlTGOPTuv2Jt8ka+pgZ45xzvJSG2gau03xP4VsC271kR
 VmCjdb0Y6Rk96mAwfGzrkbaRQ9Z7fIoL866GOv6h9neiVIkp+JYlTV6ISD0ZQJ4Q
 I6dOQkB/TWZyVjtiJDOQHdfNWliA6NtqaLq19wlu9L5xXjuNpY95KwR8EJXWe0+o
 Y3d2U/KxOAkXKghP2Qg1GtlPVeGC5T4p03TGI6pzKT+kHX6Rrm9wK6sM9aTquMmF
 Vok84Jg1DFnwivWC2RILR81rXi7k/+Y6MUbveFgJ9cQduqpxnmD7TjOblYu7M6zp
 YGAUxh8DRKlIMn2QsA++DBYQ6ACZvwuY8qTDLkqPDo4WqM313dsMJbyGjDdVE7EM
 PESS+RlABETpZXz8g/ycr6DIUNdlbPcmYlsBfHWDOuR2GFFTwmlv5slWS39dJv38
 E0eIe1CwdxI801Se7t7dUUS/ZF8wb6GlmxOcqGbF8eko1Z0S64IAm7/h13MRQCxI
 geQnHfGYVJ2FOimoCMEKwfa9x++RFTDW0u7spDC2uWvK/1viV8OfRppFhLr/kmKb
 18lWXuAz80DAjUDUsVqEq2MvJBJGoCJUEyjuRsLkHYRM5jYk4v50LyyR0Om73nWF
 nZBqmqNzdr7Xb9PHHdFhnEc0VvoYbrcM0RVYcEMW3YbmejM891j1d6Iv+/n/qND/
 NdebGrfWJMmFLf/iEkzTZ3/v5inW9LpWoRc94ioCjJTaEo8Rib6ARRFaJVIsmNXi
 YicFGO98D+zX+a2t9Yz6IpPajVslnOp6ScpmXgts/2XWD7oE+JgxSAqo/dLVsHgP
 Ufo=
 =pulM
 -----END PGP MESSAGE-----
 </pre></body></html>
 --Y6fyGi9SoGeH8WwRaEdC6bbBcYOedDzrQ--
--- a/chatmaild/src/chatmaild/tests/mail-data/encrypted.eml
+++ b/chatmaild/src/chatmaild/tests/mail-data/encrypted.eml
@@ -1,6 +1,6 @@
 From: {from_addr}
 To: {to_addr}
-Subject: {subject}
+Subject: ...
 Date: Sun, 15 Oct 2023 16:43:21 +0000
 Message-ID: <Mr.UVyJWZmkCKM.hGzNc6glBE_@c2.testrun.org>
 In-Reply-To: <Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>
--- a/chatmaild/src/chatmaild/tests/mail-data/literal.eml
+++ b/chatmaild/src/chatmaild/tests/mail-data/literal.eml
@@ -1,44 +0,0 @@
 From: {from_addr}
 To: {to_addr}
 Subject: ...
 Date: Sun, 15 Oct 2023 16:43:21 +0000
 Message-ID: <Mr.UVyJWZmkCKM.hGzNc6glBE_@c2.testrun.org>
 In-Reply-To: <Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>
 References: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>
 	<Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>
 Chat-Version: 1.0
 Autocrypt: addr={from_addr}; prefer-encrypt=mutual;
 	keydata=xjMEZSwWjhYJKwYBBAHaRw8BAQdAQBEhqeJh0GueHB6kF/DUQqYCxARNBVokg/AzT+7LqH
 	rNFzxiYXJiYXpAYzIudGVzdHJ1bi5vcmc+wosEEBYIADMCGQEFAmUsFo4CGwMECwkIBwYVCAkKCwID
 	FgIBFiEEFTfUNvVnY3b9F7yHnmme1PfUhX8ACgkQnmme1PfUhX9A4AEAnHWHp49eBCMHK5t66gYPiW
 	XQuB1mwUjzGfYWB+0RXUoA/0xcQ3FbUNlGKW7Blp6eMFfViv6Mv2d3kNSXACB6nmcMzjgEZSwWjhIK
 	KwYBBAGXVQEFAQEHQBpY5L2M1XHo0uxf8SX1wNLBp/OVvidoWHQF2Jz+kJsUAwEIB8J4BBgWCAAgBQ
 	JlLBaOAhsMFiEEFTfUNvVnY3b9F7yHnmme1PfUhX8ACgkQnmme1PfUhX/INgEA37AJaNvruYsJVanP
 	IXnYw4CKd55UAwl8Zcy+M2diAbkA/0fHHcGV4r78hpbbL1Os52DPOdqYQRauIeJUeG+G6bQO
 MIME-Version: 1.0
 Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 	boundary="YFrteb74qSXmggbOxZL9dRnhymywAi"
 --YFrteb74qSXmggbOxZL9dRnhymywAi
 Content-Description: PGP/MIME version identification
 Content-Type: application/pgp-encrypted
 Version: 1
 --YFrteb74qSXmggbOxZL9dRnhymywAi
 Content-Description: OpenPGP encrypted message
 Content-Disposition: inline; filename="encrypted.asc";
 Content-Type: application/octet-stream; name="encrypted.asc"
 -----BEGIN PGP MESSAGE-----
 yxJiAAAAAABIZWxsbyB3b3JsZCE=
 =1I/B
 -----END PGP MESSAGE-----
 --YFrteb74qSXmggbOxZL9dRnhymywAi--
--- a/chatmaild/src/chatmaild/tests/mail-data/mailer-daemon.eml
+++ b/chatmaild/src/chatmaild/tests/mail-data/mailer-daemon.eml
@@ -1,46 +0,0 @@
 Date: Fri, 8 Jul 1994 09:21:47 -0400
 From: Mail Delivery Subsystem <MAILER-DAEMON@example.org>
 Subject: Returned mail: User unknown
 To: <owner-ups-mib@CS.UTK.EDU>
 Auto-Submitted: auto-replied 
 MIME-Version: 1.0
 Content-Type: multipart/report; report-type=delivery-status;
      boundary="JAA13167.773673707/CS.UTK.EDU"
 --JAA13167.773673707/CS.UTK.EDU
 content-type: text/plain; charset=us-ascii
   ----- The following addresses had delivery problems -----
 <arathib@vnet.ibm.com>  (unrecoverable error)
 <wsnell@sdcc13.ucsd.edu>  (unrecoverable error)
 --JAA13167.773673707/CS.UTK.EDU
 content-type: message/delivery-status
 Reporting-MTA: dns; cs.utk.edu
 Original-Recipient: rfc822;arathib@vnet.ibm.com
 Final-Recipient: rfc822;arathib@vnet.ibm.com
 Action: failed
 Status: 5.0.0 (permanent failure)
 Diagnostic-Code: smtp;
 550 'arathib@vnet.IBM.COM' is not a registered gateway user
 Remote-MTA: dns; vnet.ibm.com
 Original-Recipient: rfc822;johnh@hpnjld.njd.hp.com
 Final-Recipient: rfc822;johnh@hpnjld.njd.hp.com
 Action: delayed
 Status: 4.0.0 (hpnjld.njd.jp.com: host name lookup failure)
 Original-Recipient: rfc822;wsnell@sdcc13.ucsd.edu
 Final-Recipient: rfc822;wsnell@sdcc13.ucsd.edu
 Action: failed
 Status: 5.0.0
 Diagnostic-Code: smtp; 550 user unknown
 Remote-MTA: dns; sdcc13.ucsd.edu
 --JAA13167.773673707/CS.UTK.EDU
 content-type: message/rfc822
 [original message goes here]
 --JAA13167.773673707/CS.UTK.EDU--
--- a/chatmaild/src/chatmaild/tests/mail-data/securejoin-vc-fake.eml
+++ b/chatmaild/src/chatmaild/tests/mail-data/securejoin-vc-fake.eml
@@ -1,21 +0,0 @@
 Subject: Message from {from_addr}
 From: <{from_addr}>
 To: <{to_addr}>
 Date: Sun, 15 Oct 2023 16:43:25 +0000
 Message-ID: <Mr.78MWtlV7RAi.goCFzBhCYfy@c2.testrun.org>
 Chat-Version: 1.0
 Secure-Join: vc-request
 Secure-Join-Invitenumber: RANDOM-TOKEN
 MIME-Version: 1.0
 Content-Type: multipart/mixed; boundary="Gl92xgZjOShJ5PGHntqYkoo2OK2Dvi"
 --Gl92xgZjOShJ5PGHntqYkoo2OK2Dvi
 Content-Type: text/plain; charset=utf-8
 Buy viagra!
 --Gl92xgZjOShJ5PGHntqYkoo2OK2Dvi--
--- a/chatmaild/src/chatmaild/tests/mail-data/securejoin-vc.eml
+++ b/chatmaild/src/chatmaild/tests/mail-data/securejoin-vc.eml
@@ -1,21 +0,0 @@
 Subject: Message from {from_addr}
 From: <{from_addr}>
 To: <{to_addr}>
 Date: Sun, 15 Oct 2023 16:43:25 +0000
 Message-ID: <Mr.78MWtlV7RAi.goCFzBhCYfy@c2.testrun.org>
 Chat-Version: 1.0
 Secure-Join: vc-request
 Secure-Join-Invitenumber: RANDOM-TOKEN
 MIME-Version: 1.0
 Content-Type: multipart/mixed; boundary="Gl92xgZjOShJ5PGHntqYkoo2OK2Dvi"
 --Gl92xgZjOShJ5PGHntqYkoo2OK2Dvi
 Content-Type: text/plain; charset=utf-8
 Secure-Join: vc-request
 --Gl92xgZjOShJ5PGHntqYkoo2OK2Dvi--
--- a/chatmaild/src/chatmaild/tests/plugin.py
+++ b/chatmaild/src/chatmaild/tests/plugin.py
@@ -1,13 +1,13 @@
 import random
 from pathlib import Path
 import os
 import importlib.resources
 import itertools
 import os
 import random
 from email import policy
 from email.parser import BytesParser
-from pathlib import Path
+from email import policy
 import pytest
 from chatmaild.database import Database
 from chatmaild.config import read_config, write_initial_config
@@ -15,12 +15,8 @@ from chatmaild.config import read_config, write_initial_config
 def make_config(tmp_path):
    inipath = tmp_path.joinpath("chatmail.ini")
-    def make_conf(mail_domain, settings=None):
+    def make_conf(mail_domain):
-        basedir = tmp_path.joinpath(f"vmail/{mail_domain}")
+        write_initial_config(inipath, mail_domain=mail_domain)
        basedir.mkdir(parents=True, exist_ok=True)
        overrides = settings.copy() if settings else {}
        overrides["mailboxes_dir"] = str(basedir)
        write_initial_config(inipath, mail_domain, overrides=overrides)
        return read_config(inipath)
    return make_conf
@@ -36,11 +32,6 @@ def maildomain(example_config):
    return example_config.mail_domain
@pytest.fixture
 def testaddr(maildomain):
    return f"user.name@{maildomain}"
@pytest.fixture
 def gencreds(maildomain):
    count = itertools.count()
@@ -59,6 +50,13 @@ def gencreds(maildomain):
    return lambda domain=None: next(gen(domain))
@pytest.fixture()
 def db(tmpdir):
    db_path = tmpdir / "passdb.sqlite"
    print("database path:", db_path)
    return Database(db_path)
@pytest.fixture
 def maildata(request):
    try:
@@ -69,29 +67,9 @@ def maildata(request):
    assert datadir.exists(), datadir
-    def maildata(name, from_addr, to_addr, subject="[...]"):
+    def maildata(name, from_addr, to_addr):
-        # Using `.read_bytes().decode()` instead of `.read_text()` to preserve newlines.
+        data = datadir.joinpath(name).read_text()
-        data = datadir.joinpath(name).read_bytes().decode()
+        text = data.format(from_addr=from_addr, to_addr=to_addr)
-        text = data.format(from_addr=from_addr, to_addr=to_addr, subject=subject)
+        return BytesParser(policy=policy.default).parsebytes(text.encode())
        return BytesParser(policy=policy.SMTP).parsebytes(text.encode())
    return maildata
@pytest.fixture
 def mockout():
    class MockOut:
        captured_red = []
        captured_green = []
        captured_plain = []
        def red(self, msg):
            self.captured_red.append(msg)
        def green(self, msg):
            self.captured_green.append(msg)
        def __call__(self, msg):
            self.captured_plain.append(msg)
    return MockOut()
--- a/chatmaild/src/chatmaild/tests/test_config.py
+++ b/chatmaild/src/chatmaild/tests/test_config.py
@@ -1,6 +1,4 @@
-import pytest
+from chatmaild.config import read_config
 from chatmaild.config import parse_size_mb, read_config
 def test_read_config_basic(example_config):
@@ -15,14 +13,6 @@ def test_read_config_basic(example_config):
    assert example_config.mail_domain == "chat.example.org"
 def test_read_config_basic_using_defaults(tmp_path, maildomain):
    inipath = tmp_path.joinpath("chatmail.ini")
    inipath.write_text(f"[params]\nmail_domain = {maildomain}")
    example_config = read_config(inipath)
    assert example_config.max_user_send_per_minute == 60
    assert example_config.filtermail_smtp_port_incoming == 10081
 def test_read_config_testrun(make_config):
    config = make_config("something.testrun.org")
    assert config.mail_domain == "something.testrun.org"
@@ -33,105 +23,10 @@ def test_read_config_testrun(make_config):
    assert config.filtermail_smtp_port == 10080
    assert config.postfix_reinject_port == 10025
    assert config.max_user_send_per_minute == 60
-    assert config.max_mailbox_size == "500M"
+    assert config.max_mailbox_size == "100M"
-    assert config.delete_mails_after == "20"
+    assert config.delete_mails_after == "40"
    assert config.delete_large_after == "7"
    assert config.username_min_length == 9
    assert config.username_max_length == 9
    assert config.password_min_length == 9
    assert "privacy@testrun.org" in config.passthrough_recipients
    assert config.passthrough_senders == []
 def test_config_userstate_paths(make_config, tmp_path):
    config = make_config("something.testrun.org")
    mailboxes_dir = config.mailboxes_dir
    passdb_path = config.passdb_path
    assert mailboxes_dir.name == "something.testrun.org"
    assert str(passdb_path) == "/home/vmail/passdb.sqlite"
    assert config.mail_domain == "something.testrun.org"
    path = config.get_user("user1@something.testrun.org").maildir
    assert not path.exists()
    assert path == mailboxes_dir.joinpath("user1@something.testrun.org")
    with pytest.raises(ValueError):
        config.get_user("")
    with pytest.raises(ValueError):
        config.get_user(None)
    with pytest.raises(ValueError):
        config.get_user("../some@something.testrun.org").maildir
    with pytest.raises(ValueError):
        config.get_user("..").maildir
    with pytest.raises(ValueError):
        config.get_user(".")
 def test_config_max_message_size(make_config, tmp_path):
    config = make_config("something.testrun.org", dict(max_message_size="10000"))
    assert config.max_message_size == 10000
 def test_config_tls_default_acme(make_config):
    config = make_config("chat.example.org")
    assert config.tls_cert_mode == "acme"
    assert config.tls_cert_path == "/var/lib/acme/live/chat.example.org/fullchain"
    assert config.tls_key_path == "/var/lib/acme/live/chat.example.org/privkey"
 def test_config_tls_self(make_config):
    config = make_config("_test.example.org")
    assert config.tls_cert_mode == "self"
    assert config.tls_cert_path == "/etc/ssl/certs/mailserver.pem"
    assert config.tls_key_path == "/etc/ssl/private/mailserver.key"
 def test_config_tls_external(make_config):
    config = make_config(
        "chat.example.org",
        {
            "tls_external_cert_and_key": "/custom/fullchain.pem /custom/privkey.pem",
        },
    )
    assert config.tls_cert_mode == "external"
    assert config.tls_cert_path == "/custom/fullchain.pem"
    assert config.tls_key_path == "/custom/privkey.pem"
 def test_config_tls_external_overrides_underscore(make_config):
    config = make_config(
        "_test.example.org",
        {
            "tls_external_cert_and_key": "/certs/fullchain.pem /certs/privkey.pem",
        },
    )
    assert config.tls_cert_mode == "external"
    assert config.tls_cert_path == "/certs/fullchain.pem"
    assert config.tls_key_path == "/certs/privkey.pem"
 def test_config_tls_external_bad_format(make_config):
    with pytest.raises(ValueError, match="two space-separated"):
        make_config(
            "chat.example.org",
            {
                "tls_external_cert_and_key": "/only/one/path.pem",
            },
        )
 def test_parse_size_mb():
    assert parse_size_mb("500M") == 500
    assert parse_size_mb("2G") == 2048
    assert parse_size_mb("  1g  ") == 1024
    assert parse_size_mb("100MB") == 100
    assert parse_size_mb("256") == 256
 def test_max_mailbox_size_mb(make_config):
    config = make_config("chat.example.org")
    assert config.max_mailbox_size == "500M"
    assert config.max_mailbox_size_mb == 500
--- a/chatmaild/src/chatmaild/tests/test_delete_inactive_users.py
+++ b/chatmaild/src/chatmaild/tests/test_delete_inactive_users.py
@@ -1,64 +0,0 @@
 import time
 from chatmaild.doveauth import AuthDictProxy
 from chatmaild.expire import daily_expire_main as main_expire
 def test_login_timestamps(example_config):
    testaddr = "someuser@chat.example.org"
    user = example_config.get_user(testaddr)
    # password file needs to be set because it's mtime tracks last-login time
    user.set_password("1l2k3j1l2k3j123")
    for i in range(10):
        user.set_last_login_timestamp(86400 * 4 + i)
        assert user.get_last_login_timestamp() == 86400 * 4
 def test_delete_inactive_users(example_config):
    new = time.time()
    old = new - (example_config.delete_inactive_users_after * 86400) - 1
    dictproxy = AuthDictProxy(example_config)
    def create_user(addr, last_login):
        dictproxy.lookup_passdb(addr, "q9mr3faue")
        user = example_config.get_user(addr)
        user.maildir.joinpath("cur").mkdir()
        user.maildir.joinpath("cur", "something").mkdir()
        user.set_last_login_timestamp(timestamp=last_login)
    # create some stale and some new accounts
    to_remove = []
    for i in range(150):
        addr = f"oldold{i:03}@chat.example.org"
        create_user(addr, last_login=old)
        to_remove.append(addr)
    remain = []
    for i in range(5):
        addr = f"newnew{i:03}@chat.example.org"
        create_user(addr, last_login=new)
        remain.append(addr)
    # check pre and post-conditions for delete_inactive_users()
    for addr in to_remove:
        assert example_config.get_user(addr).maildir.exists()
    main_expire(
        args=[
            "--remove",
            str(example_config._inipath),
        ]
    )
    for p in example_config.mailboxes_dir.iterdir():
        assert not p.name.startswith("old")
    for addr in to_remove:
        assert not example_config.get_user(addr).maildir.exists()
    for addr in remain:
        userdir = example_config.get_user(addr).maildir
        assert userdir.exists()
        assert userdir.joinpath("password").read_text()
--- a/chatmaild/src/chatmaild/tests/test_doveauth.py
+++ b/chatmaild/src/chatmaild/tests/test_doveauth.py
@@ -1,189 +1,99 @@
 import io
 import json
 import pytest
 import queue
 import threading
 import traceback
 import pytest
 import chatmaild.doveauth
 from chatmaild.doveauth import (
-    AuthDictProxy,
+    get_user_data,
-    is_allowed_to_create,
+    lookup_passdb,
    handle_dovecot_request,
    handle_dovecot_protocol,
 )
-from chatmaild.newemail import create_newemail_dict
+from chatmaild.database import DBError
-@pytest.fixture
+def test_basic(db, example_config):
-def dictproxy(example_config):
+    lookup_passdb(db, example_config, "asdf12345@chat.example.org", "q9mr3faue")
-    return AuthDictProxy(config=example_config)
+    data = get_user_data(db, "asdf12345@chat.example.org")
 def test_basic(dictproxy, gencreds):
    addr, password = gencreds()
    dictproxy.lookup_passdb(addr, password)
    data = dictproxy.lookup_userdb(addr)
    assert data
-    data2 = dictproxy.lookup_passdb(addr, password)
+    data2 = lookup_passdb(
        db, example_config, "asdf12345@chat.example.org", "q9mr3jewvadsfaue"
    )
    assert data == data2
-def test_iterate_addresses(dictproxy):
+def test_dont_overwrite_password_on_wrong_login(db, example_config):
    addresses = []
    for i in range(10):
        addresses.append(f"asdf1234{i}@chat.example.org")
        dictproxy.lookup_passdb(addresses[-1], "q9mr3faue")
    res = dictproxy.iter_userdb()
    assert set(res) == set(addresses)
 def test_invalid_username_length(example_config):
    config = example_config
    config.username_min_length = 6
    config.username_max_length = 10
    password = create_newemail_dict(config)["password"]
    assert not is_allowed_to_create(config, f"a1234@{config.mail_domain}", password)
    assert is_allowed_to_create(config, f"012345@{config.mail_domain}", password)
    assert is_allowed_to_create(config, f"0123456@{config.mail_domain}", password)
    assert is_allowed_to_create(config, f"0123456789@{config.mail_domain}", password)
    assert not is_allowed_to_create(
        config, f"0123456789x@{config.mail_domain}", password
    )
 def test_dont_overwrite_password_on_wrong_login(dictproxy):
    """Test that logging in with a different password doesn't create a new user"""
-    res = dictproxy.lookup_passdb(
+    res = lookup_passdb(
-        "newuser12@chat.example.org", "kajdlkajsldk12l3kj1983"
+        db, example_config, "newuser12@chat.example.org", "kajdlkajsldk12l3kj1983"
    )
    assert res["password"]
-    res2 = dictproxy.lookup_passdb("newuser12@chat.example.org", "kajdslqwe")
+    res2 = lookup_passdb(db, example_config, "newuser12@chat.example.org", "kajdslqwe")
    # this function always returns a password hash, which is actually compared by dovecot.
    assert res["password"] == res2["password"]
-def test_nocreate_file(monkeypatch, tmpdir, dictproxy):
+def test_nocreate_file(db, monkeypatch, tmpdir, example_config):
    p = tmpdir.join("nocreate")
    p.write("")
    monkeypatch.setattr(chatmaild.doveauth, "NOCREATE_FILE", str(p))
-    dictproxy.lookup_passdb("newuser12@chat.example.org", "zequ0Aimuchoodaechik")
+    lookup_passdb(
-    assert not dictproxy.lookup_userdb("newuser12@chat.example.org")
+        db, example_config, "newuser12@chat.example.org", "zequ0Aimuchoodaechik"
    )
    assert not get_user_data(db, "newuser12@chat.example.org")
-def test_handle_dovecot_request(dictproxy):
+def test_db_version(db):
-    transactions = {}
+    assert db.get_schema_version() == 1
 def test_too_high_db_version(db):
    with db.write_transaction() as conn:
        conn.execute("PRAGMA user_version=%s;" % (999,))
    with pytest.raises(DBError):
        db.ensure_tables()
 def test_handle_dovecot_request(db, example_config):
    # Test that password can contain ", ', \ and /
    msg = (
        'Lshared/passdb/laksjdlaksjdlak\\\\sjdlk\\"12j\\\'3l1/k2j3123"'
        "some42123@chat.example.org\tsome42123@chat.example.org"
    )
-    res = dictproxy.handle_dovecot_request(msg, transactions)
+    res = handle_dovecot_request(msg, db, example_config)
    assert res
    assert res[0] == "O" and res.endswith("\n")
    userdata = json.loads(res[1:].strip())
-    assert userdata["home"].endswith("chat.example.org/some42123@chat.example.org")
+    assert (
        userdata["home"]
        == "/home/vmail/mail/chat.example.org/some42123@chat.example.org"
    )
    assert userdata["uid"] == userdata["gid"] == "vmail"
    assert userdata["password"].startswith("{SHA512-CRYPT}")
-def test_handle_dovecot_protocol_hello_is_skipped(example_config, caplog):
+def test_handle_dovecot_protocol(db, example_config):
    dictproxy = AuthDictProxy(config=example_config)
    rfile = io.BytesIO(b"H3\t2\t0\t\tauth\n")
    wfile = io.BytesIO()
    dictproxy.loop_forever(rfile, wfile)
    assert wfile.getvalue() == b""
    assert not caplog.messages
 def test_handle_dovecot_protocol_user_not_exists(example_config):
    dictproxy = AuthDictProxy(config=example_config)
    rfile = io.BytesIO(
        b"H3\t2\t0\t\tauth\nLshared/userdb/foobar@chat.example.org\tfoobar@chat.example.org\n"
    )
    wfile = io.BytesIO()
-    dictproxy.loop_forever(rfile, wfile)
+    handle_dovecot_protocol(rfile, wfile, db, example_config)
    assert wfile.getvalue() == b"N\n"
-def test_handle_dovecot_protocol_iterate(gencreds, example_config):
+def test_50_concurrent_lookups_different_accounts(db, gencreds, example_config):
    dictproxy = AuthDictProxy(config=example_config)
    dictproxy.lookup_passdb("asdf00000@chat.example.org", "q9mr3faue")
    dictproxy.lookup_passdb("asdf11111@chat.example.org", "q9mr3faue")
    rfile = io.BytesIO(b"H3\t2\t0\t\tauth\nI0\t0\tshared/userdb/")
    wfile = io.BytesIO()
    dictproxy.loop_forever(rfile, wfile)
    lines = wfile.getvalue().decode("ascii").split("\n")
    assert "Oshared/userdb/asdf00000@chat.example.org\t" in lines
    assert "Oshared/userdb/asdf11111@chat.example.org\t" in lines
    assert not lines[2]
 def test_invalid_localpart_characters(make_config):
    """Test that is_allowed_to_create rejects localparts with invalid characters."""
    config = make_config("chat.example.org", {"username_min_length": "3"})
    password = "zequ0Aimuchoodaechik"
    domain = config.mail_domain
    # valid localparts
    assert is_allowed_to_create(config, f"abc123@{domain}", password)
    assert is_allowed_to_create(config, f"a.b-c_d@{domain}", password)
    # uppercase rejected
    assert not is_allowed_to_create(config, f"Abc123@{domain}", password)
    assert not is_allowed_to_create(config, f"ABCDEFG@{domain}", password)
    # spaces and special chars rejected
    assert not is_allowed_to_create(config, f"a b cde@{domain}", password)
    assert not is_allowed_to_create(config, f"abc+def@{domain}", password)
    assert not is_allowed_to_create(config, f"abc!def@{domain}", password)
    assert not is_allowed_to_create(config, f"ab@cdef@{domain}", password)
    assert not is_allowed_to_create(config, f"abc/def@{domain}", password)
    assert not is_allowed_to_create(config, f"abc\\def@{domain}", password)
 def test_concurrent_creation_same_account(dictproxy):
    """Test that concurrent creation of the same account doesn't corrupt password."""
    addr = "racetest1@chat.example.org"
    password = "zequ0Aimuchoodaechik"
    num_threads = 10
    results = queue.Queue()
    def create():
        try:
            res = dictproxy.lookup_passdb(addr, password)
            results.put(("ok", res))
        except Exception:
            results.put(("err", traceback.format_exc()))
    threads = [threading.Thread(target=create, daemon=True) for _ in range(num_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join(timeout=10)
    passwords_seen = set()
    for _ in range(num_threads):
        status, res = results.get()
        if status == "err":
            pytest.fail(f"concurrent creation failed\n{res}")
        passwords_seen.add(res["password"])
    # all threads must see the same password hash
    assert len(passwords_seen) == 1
 def test_50_concurrent_lookups_different_accounts(gencreds, dictproxy):
    num_threads = 50
    req_per_thread = 5
    results = queue.Queue()
-    def lookup():
+    def lookup(db):
        for i in range(req_per_thread):
            addr, password = gencreds()
            try:
-                dictproxy.lookup_passdb(addr, password)
+                lookup_passdb(db, example_config, addr, password)
            except Exception:
                results.put(traceback.format_exc())
            else:
@@ -191,7 +101,7 @@ def test_50_concurrent_lookups_different_accounts(gencreds, dictproxy):
    threads = []
    for i in range(num_threads):
-        thread = threading.Thread(target=lookup, daemon=True)
+        thread = threading.Thread(target=lookup, args=(db,), daemon=True)
        threads.append(thread)
    print(f"created {num_threads} threads, starting them and waiting for results")
--- a/chatmaild/src/chatmaild/tests/test_expire.py
+++ b/chatmaild/src/chatmaild/tests/test_expire.py
@@ -1,254 +0,0 @@
 import itertools
 import os
 import random
 import time
 from datetime import datetime
 from fnmatch import fnmatch
 from pathlib import Path
 import pytest
 from chatmaild.expire import (
    FileEntry,
    MailboxStat,
    expire_to_target,
    get_file_entry,
    iter_mailboxes,
    os_listdir_if_exists,
    parse_dovecot_filename,
    quota_expire_main,
    scan_mailbox_messages,
 )
 from chatmaild.expire import daily_expire_main as expiry_main
 from chatmaild.fsreport import main as report_main
 MB = 1024 * 1024
 def fill_mbox(folderdir):
    password = folderdir.joinpath("password")
    password.write_text("xxx")
    folderdir.joinpath("maildirsize").write_text("xxx")
    garbagedir = folderdir.joinpath("garbagedir")
    garbagedir.mkdir()
    garbagedir.joinpath("bimbum").write_text("hello")
    create_new_messages(folderdir, ["cur/msg1"], size=500)
    create_new_messages(folderdir, ["new/msg2"], size=600)
 def create_new_messages(basedir, relpaths, size=1000, days=0):
    now = datetime.utcnow().timestamp()
    for relpath in relpaths:
        msg_path = Path(basedir).joinpath(relpath)
        msg_path.parent.mkdir(parents=True, exist_ok=True)
        msg_path.write_text("x" * size)
        # accessed now, modified N days ago
        os.utime(msg_path, (now, now - days * 86400))
@pytest.fixture
 def mbox1(example_config):
    mboxdir = example_config.mailboxes_dir.joinpath("mailbox1@example.org")
    mboxdir.mkdir()
    fill_mbox(mboxdir)
    return MailboxStat(mboxdir)
 def test_deltachat_folder(example_config):
    """Test old setups that might have a .DeltaChat folder where messages also need to get removed."""
    mboxdir = example_config.mailboxes_dir.joinpath("mailbox1@example.org")
    mboxdir.mkdir()
    mbox2dir = mboxdir.joinpath(".DeltaChat")
    mbox2dir.mkdir()
    fill_mbox(mbox2dir)
    mb = MailboxStat(mboxdir)
    assert len(mb.messages) == 2
 def test_filentry_ordering(tmp_path):
    l = [FileEntry(f"x{i}", size=i + 10, mtime=1000 - i) for i in range(10)]
    sorted = list(l)
    random.shuffle(l)
    l.sort(key=lambda x: x.size)
    assert l == sorted
 def test_no_mailbxoes(tmp_path, capsys):
    assert [] == list(iter_mailboxes(str(tmp_path.joinpath("notexists")), maxnum=10))
    out, err = capsys.readouterr()
    assert "no mailboxes" in err
 def test_stats_mailbox(mbox1):
    password = Path(mbox1.basedir).joinpath("password")
    assert mbox1.last_login == password.stat().st_mtime
    assert len(mbox1.messages) == 2
    msgs = list(sorted(mbox1.messages, key=lambda x: x.size))
    assert len(msgs) == 2
    assert msgs[0].size == 500  # cur
    assert msgs[1].size == 600  # new
    create_new_messages(mbox1.basedir, ["large-extra"], size=1000)
    create_new_messages(mbox1.basedir, ["index-something"], size=3)
    mbox2 = MailboxStat(mbox1.basedir)
    assert len(mbox2.extrafiles) == 5
    assert mbox2.extrafiles[0].size == 1000
    # cope well with mailbox dirs that have no password (for whatever reason)
    Path(mbox1.basedir).joinpath("password").unlink()
    mbox3 = MailboxStat(mbox1.basedir)
    assert mbox3.last_login is None
 def test_report_no_mailboxes(example_config):
    args = (str(example_config._inipath),)
    report_main(args)
 def test_report(mbox1, example_config):
    args = (str(example_config._inipath),)
    report_main(args)
    args = list(args) + "--days 1".split()
    report_main(args)
    args = list(args) + "--min-login-age 1".split()
    report_main(args)
    args = list(args) + "--mdir cur".split()
    report_main(args)
 def test_report_mdir_filters_by_path(mbox1, example_config):
    """Test that Report with mdir='cur' only counts messages in cur/ subdirectory."""
    from chatmaild.fsreport import Report
    now = datetime.utcnow().timestamp()
    # Set password mtime to old enough so min_login_age check passes
    password = Path(mbox1.basedir).joinpath("password")
    old_time = now - 86400 * 10  # 10 days ago
    os.utime(password, (old_time, old_time))
    # Reload mailbox with updated mtime
    from chatmaild.expire import MailboxStat
    mbox = MailboxStat(mbox1.basedir)
    # Report without mdir — should count all messages
    rep_all = Report(now=now, min_login_age=1, mdir=None)
    rep_all.process_mailbox_stat(mbox)
    total_all = rep_all.message_buckets[0]
    # Report with mdir='cur' — should only count cur/ messages
    rep_cur = Report(now=now, min_login_age=1, mdir="cur")
    rep_cur.process_mailbox_stat(mbox)
    total_cur = rep_cur.message_buckets[0]
    # Report with mdir='new' — should only count new/ messages
    rep_new = Report(now=now, min_login_age=1, mdir="new")
    rep_new.process_mailbox_stat(mbox)
    total_new = rep_new.message_buckets[0]
    # cur has 500-byte msg, new has 600-byte msg (from fill_mbox)
    assert total_cur == 500
    assert total_new == 600
    assert total_all == 500 + 600
 def test_expiry_cli_basic(example_config, mbox1):
    args = (str(example_config._inipath),)
    expiry_main(args)
 def test_expiry_cli_old_files(capsys, example_config, mbox1):
    relpaths_old = ["cur/msg_old1", "cur/msg_old1"]
    cutoff_days = int(example_config.delete_mails_after) + 1
    create_new_messages(mbox1.basedir, relpaths_old, size=1000, days=cutoff_days)
    relpaths_large = ["cur/msg_old_large1", "new/msg_old_large2"]
    cutoff_days = int(example_config.delete_large_after) + 1
    create_new_messages(
        mbox1.basedir, relpaths_large, size=1000 * 300, days=cutoff_days
    )
    create_new_messages(mbox1.basedir, ["cur/shouldstay"], size=1000 * 300, days=1)
    args = str(example_config._inipath), "--remove", "-v"
    expiry_main(args)
    out, err = capsys.readouterr()
    allpaths = relpaths_old + relpaths_large + ["maildirsize"]
    for path in allpaths:
        for line in err.split("\n"):
            if fnmatch(line, f"removing*{path}"):
                break
        else:
            if path != "new/msg_old_large2":
                pytest.fail(f"failed to remove {path}\n{err}")
    assert "shouldstay" not in err
 def test_get_file_entry(tmp_path):
    assert get_file_entry(str(tmp_path.joinpath("123123"))) is None
    p = tmp_path.joinpath("x")
    p.write_text("hello")
    entry = get_file_entry(str(p))
    assert entry.size == 5
    assert entry.mtime
 def test_os_listdir_if_exists(tmp_path):
    tmp_path.joinpath("x").write_text("hello")
    assert len(os_listdir_if_exists(str(tmp_path))) == 1
    assert len(os_listdir_if_exists(str(tmp_path.joinpath("123123")))) == 0
 # --- quota expire tests ---
 _msg_counter = itertools.count(1)
 def _create_message(basedir, sub, size, days_old=0, disk_size=None):
    seq = next(_msg_counter)
    mtime = int(time.time() - days_old * 86400)
    name = f"{mtime}.M1P1Q{seq}.hostname,S={size},W={size}:2,S"
    path = basedir / sub / name
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(b"x" * (disk_size if disk_size is not None else size))
    os.utime(path, (mtime, mtime))
    return path
 def test_parse_dovecot_filename():
    e = parse_dovecot_filename("cur/1775324677.M448978P3029757.exam,S=3235,W=3305:2,S")
    assert e.path == "cur/1775324677.M448978P3029757.exam,S=3235,W=3305:2,S"
    assert e.mtime == 1775324677
    assert e.quota_size == 3235
    assert parse_dovecot_filename("cur/msg_without_structure") is None
 def test_expire_to_target(tmp_path):
    _create_message(tmp_path, "cur", MB, days_old=10, disk_size=100)
    _create_message(tmp_path, "new", MB, days_old=5)
    _create_message(tmp_path, "cur", MB, days_old=0)  # undeletable (<1 hour)
    assert len(scan_mailbox_messages(tmp_path)) == 3
    # removes oldest first, uses S= size not disk size
    removed = expire_to_target(tmp_path, MB)
    assert removed == 2
    msgs = scan_mailbox_messages(tmp_path)
    assert len(msgs) == 1
    # the surviving message is the fresh undeletable one
    assert msgs[0].mtime > time.time() - 3600
 def test_quota_expire_main(tmp_path, capsys):
    mbox = tmp_path / "user@example.org"
    _create_message(mbox, "cur", 2 * MB, days_old=5)
    (mbox / "maildirsize").write_text("x")
    quota_expire_main([str(1), str(mbox)])
    _, err = capsys.readouterr()
    assert "quota-expire: removed 1 message(s) from user@example.org" in err
    assert not (mbox / "maildirsize").exists()
--- a/chatmaild/src/chatmaild/tests/test_filedict.py
+++ b/chatmaild/src/chatmaild/tests/test_filedict.py
@@ -1,39 +0,0 @@
 import threading
 from chatmaild.filedict import FileDict, write_bytes_atomic
 def test_basic(tmp_path):
    fdict = FileDict(tmp_path.joinpath("metadata"))
    assert fdict.read() == {}
    with fdict.modify() as d:
        d["devicetoken"] = [1, 2, 3]
        d["456"] = 4.2
    new = fdict.read()
    assert new["devicetoken"] == [1, 2, 3]
    assert new["456"] == 4.2
 def test_bad_marshal_file(tmp_path, caplog):
    fdict1 = FileDict(tmp_path.joinpath("metadata"))
    fdict1.path.write_bytes(b"l12k3l12k3l")
    assert fdict1.read() == {}
    assert "corrupt" in caplog.records[0].msg
 def test_write_bytes_atomic_concurrent(tmp_path):
    p = tmp_path.joinpath("somefile.ext")
    write_bytes_atomic(p, b"hello")
    threads = []
    for i in range(30):
        content = f"hello{i}".encode("ascii")
        t = threading.Thread(target=lambda: write_bytes_atomic(p, content))
        t.start()
        threads.append(t)
    for t in threads:
        t.join()
    assert p.read_text().strip() != "hello"
    assert len(list(p.parent.iterdir())) == 1
--- a/chatmaild/src/chatmaild/tests/test_filtermail.py
+++ b/chatmaild/src/chatmaild/tests/test_filtermail.py
@@ -0,0 +1,145 @@
 from chatmaild.filtermail import (
    check_encrypted,
    BeforeQueueHandler,
    SendRateLimiter,
    check_mdn,
 )
 import pytest
@pytest.fixture
 def maildomain():
    # let's not depend on a real chatmail instance for the offline tests below
    return "chatmail.example.org"
@pytest.fixture
 def handler(make_config, maildomain):
    config = make_config(maildomain)
    return BeforeQueueHandler(config)
 def test_reject_forged_from(maildata, gencreds, handler):
    class env:
        mail_from = gencreds()[0]
        rcpt_tos = [gencreds()[0]]
    # test that the filter lets good mail through
    to_addr = gencreds()[0]
    env.content = maildata(
        "plain.eml", from_addr=env.mail_from, to_addr=to_addr
    ).as_bytes()
    assert not handler.check_DATA(envelope=env)
    # test that the filter rejects forged mail
    env.content = maildata(
        "plain.eml", from_addr="forged@c3.testrun.org", to_addr=to_addr
    ).as_bytes()
    error = handler.check_DATA(envelope=env)
    assert "500" in error
 def test_filtermail_no_encryption_detection(maildata):
    msg = maildata(
        "plain.eml", from_addr="some@example.org", to_addr="other@example.org"
    )
    assert not check_encrypted(msg)
    # https://xkcd.com/1181/
    msg = maildata(
        "fake-encrypted.eml", from_addr="some@example.org", to_addr="other@example.org"
    )
    assert not check_encrypted(msg)
 def test_filtermail_encryption_detection(maildata):
    msg = maildata("encrypted.eml", from_addr="1@example.org", to_addr="2@example.org")
    assert check_encrypted(msg)
    # if the subject is not "..." it is not considered ac-encrypted
    msg.replace_header("Subject", "Click this link")
    assert not check_encrypted(msg)
 def test_filtermail_is_mdn(maildata, gencreds, handler):
    from_addr = gencreds()[0]
    to_addr = gencreds()[0] + ".other"
    msg = maildata("mdn.eml", from_addr, to_addr)
    class env:
        mail_from = from_addr
        rcpt_tos = [to_addr]
        content = msg.as_bytes()
    assert check_mdn(msg, env)
    print(msg.as_string())
    assert not handler.check_DATA(env)
 def test_filtermail_to_multiple_recipients_no_mdn(maildata, gencreds):
    from_addr = gencreds()[0]
    to_addr = gencreds()[0] + ".other"
    thirdaddr = gencreds()[0]
    msg = maildata("mdn.eml", from_addr, to_addr)
    class env:
        mail_from = from_addr
        rcpt_tos = [to_addr, thirdaddr]
        content = msg.as_bytes()
    assert not check_mdn(msg, env)
 def test_send_rate_limiter():
    limiter = SendRateLimiter()
    for i in range(100):
        if limiter.is_sending_allowed("some@example.org", 10):
            if i <= 10:
                continue
            pytest.fail("limiter didn't work")
        else:
            assert i == 11
            break
 def test_excempt_privacy(maildata, gencreds, handler):
    from_addr = gencreds()[0]
    to_addr = "privacy@testrun.org"
    handler.config.passthrough_recipients = [to_addr]
    false_to = "privacy@something.org"
    msg = maildata("plain.eml", from_addr, to_addr)
    class env:
        mail_from = from_addr
        rcpt_tos = [to_addr]
        content = msg.as_bytes()
    # assert that None/no error is returned
    assert not handler.check_DATA(envelope=env)
    class env2:
        mail_from = from_addr
        rcpt_tos = [to_addr, false_to]
        content = msg.as_bytes()
    assert "500" in handler.check_DATA(envelope=env2)
 def test_passthrough_senders(gencreds, handler, maildata):
    acc1 = gencreds()[0]
    to_addr = "recipient@something.org"
    handler.config.passthrough_senders = [acc1]
    msg = maildata("plain.eml", acc1, to_addr)
    class env:
        mail_from = acc1
        rcpt_tos = to_addr
        content = msg.as_bytes()
    # assert that None/no error is returned
    assert not handler.check_DATA(envelope=env)
--- a/chatmaild/src/chatmaild/tests/test_filtermail_blackbox.py
+++ b/chatmaild/src/chatmaild/tests/test_filtermail_blackbox.py
@@ -1,90 +0,0 @@
 import shutil
 import smtplib
 import subprocess
 import sys
 import pytest
 pytestmark = pytest.mark.skipif(
    shutil.which("filtermail") is None,
    reason="filtermail binary not found",
 )
@pytest.fixture
 def smtpserver():
    from pytest_localserver import smtp
    server = smtp.Server("127.0.0.1")
    server.start()
    yield server
    server.stop()
@pytest.fixture
 def make_popen(request):
    def popen(cmdargs, stdout=subprocess.PIPE, stderr=subprocess.PIPE, **kw):
        p = subprocess.Popen(
            cmdargs,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
        )
        def fin():
            p.terminate()
            out, err = p.communicate()
            print(out.decode("ascii"))
            print(err.decode("ascii"), file=sys.stderr)
        request.addfinalizer(fin)
        return p
    return popen
@pytest.mark.parametrize("filtermail_mode", ["outgoing", "incoming"])
 def test_one_mail(
    make_config, make_popen, smtpserver, maildata, filtermail_mode, monkeypatch
 ):
    monkeypatch.setenv("PYTHONUNBUFFERED", "1")
    # DKIM is tested by cmdeploy tests.
    monkeypatch.setenv("FILTERMAIL_SKIP_DKIM", "1")
    smtp_inject_port = 20025
    if filtermail_mode == "outgoing":
        settings = dict(
            postfix_reinject_port=smtpserver.port,
            filtermail_smtp_port=smtp_inject_port,
        )
    else:
        settings = dict(
            postfix_reinject_port_incoming=smtpserver.port,
            filtermail_smtp_port_incoming=smtp_inject_port,
        )
    config = make_config("example.org", settings=settings)
    path = str(config._inipath)
    popen = make_popen(["filtermail", path, filtermail_mode])
    line = popen.stderr.readline().strip()
    # skip a warning that FILTERMAIL_SKIP_DKIM shouldn't be used in prod
    if b"DKIM verification DISABLED!" in line:
        line = popen.stderr.readline().strip()
    if b"loop" not in line:
        print(line.decode("ascii"), file=sys.stderr)
        pytest.fail("starting filtermail failed")
    addr = f"user1@{config.mail_domain}"
    config.get_user(addr).set_password("l1k2j3l1k2j3l")
    # send encrypted mail
    data = str(maildata("encrypted.eml", from_addr=addr, to_addr=addr))
    client = smtplib.SMTP("localhost", smtp_inject_port)
    client.sendmail(addr, [addr], data)
    assert len(smtpserver.outbox) == 1
    # send un-encrypted mail that errors
    data = str(maildata("fake-encrypted.eml", from_addr=addr, to_addr=addr))
    with pytest.raises(smtplib.SMTPDataError) as e:
        client.sendmail(addr, [addr], data)
    assert e.value.smtp_code == 523
--- a/chatmaild/src/chatmaild/tests/test_lastlogin.py
+++ b/chatmaild/src/chatmaild/tests/test_lastlogin.py
@@ -1,38 +0,0 @@
 import time
 from chatmaild.doveauth import AuthDictProxy
 from chatmaild.lastlogin import (
    LastLoginDictProxy,
 )
 def test_handle_dovecot_request_last_login(testaddr, example_config):
    dictproxy = LastLoginDictProxy(config=example_config)
    authproxy = AuthDictProxy(config=example_config)
    authproxy.lookup_passdb(testaddr, "1l2k3j1l2k3jl123")
    dictproxy_transactions = {}
    # Begin transaction
    tx = "1111"
    msg = f"B{tx}\t{testaddr}"
    res = dictproxy.handle_dovecot_request(msg, dictproxy_transactions)
    assert not res
    assert dictproxy_transactions == {tx: dict(addr=testaddr, res="O\n")}
    # set last-login info for user
    user = dictproxy.config.get_user(testaddr)
    timestamp = int(time.time())
    msg = f"S{tx}\tshared/last-login/{testaddr}\t{timestamp}"
    res = dictproxy.handle_dovecot_request(msg, dictproxy_transactions)
    assert not res
    assert len(dictproxy_transactions) == 1
    read_timestamp = user.get_last_login_timestamp()
    assert read_timestamp == timestamp // 86400 * 86400
    # finish transaction
    msg = f"C{tx}"
    res = dictproxy.handle_dovecot_request(msg, dictproxy_transactions)
    assert res == "O\n"
    assert len(dictproxy_transactions) == 0
--- a/chatmaild/src/chatmaild/tests/test_metadata.py
+++ b/chatmaild/src/chatmaild/tests/test_metadata.py
@@ -1,385 +0,0 @@
 import io
 import time
 import pytest
 import requests
 from chatmaild.metadata import (
    Metadata,
    MetadataDictProxy,
 )
 from chatmaild.notifier import (
    Notifier,
    NotifyThread,
    PersistentQueueItem,
 )
@pytest.fixture
 def notifier(metadata):
    queue_dir = metadata.vmail_dir.joinpath("pending_notifications")
    queue_dir.mkdir()
    return Notifier(queue_dir)
@pytest.fixture
 def metadata(tmp_path):
    vmail_dir = tmp_path.joinpath("vmaildir")
    vmail_dir.mkdir()
    return Metadata(vmail_dir)
@pytest.fixture
 def dictproxy(notifier, metadata):
    return MetadataDictProxy(notifier=notifier, metadata=metadata)
@pytest.fixture
 def testaddr2():
    return "user2@example.org"
@pytest.fixture
 def token():
    return "01234"
 def get_mocked_requests(statuslist):
    class ReqMock:
        requests = []
        def post(self, url, data, timeout):
            self.requests.append((url, data, timeout))
            res = statuslist.pop(0)
            if isinstance(res, Exception):
                raise res
            class Result:
                status_code = res
            return Result()
    return ReqMock()
 def test_metadata_persistence(tmp_path, testaddr, testaddr2):
    metadata1 = Metadata(tmp_path)
    metadata2 = Metadata(tmp_path)
    assert not metadata1.get_tokens_for_addr(testaddr)
    assert not metadata2.get_tokens_for_addr(testaddr)
    metadata1.add_token_to_addr(testaddr, "01234")
    metadata1.add_token_to_addr(testaddr2, "456")
    assert metadata2.get_tokens_for_addr(testaddr) == ["01234"]
    assert metadata2.get_tokens_for_addr(testaddr2) == ["456"]
    metadata2.remove_token_from_addr(testaddr, "01234")
    assert not metadata1.get_tokens_for_addr(testaddr)
    assert metadata1.get_tokens_for_addr(testaddr2) == ["456"]
 def test_remove_nonexisting(metadata, tmp_path, testaddr):
    metadata.add_token_to_addr(testaddr, "123")
    metadata.remove_token_from_addr(testaddr, "1l23k1l2k3")
    assert metadata.get_tokens_for_addr(testaddr) == ["123"]
 def test_notifier_remove_without_set(metadata, testaddr):
    metadata.remove_token_from_addr(testaddr, "123")
    assert not metadata.get_tokens_for_addr(testaddr)
 def test_handle_dovecot_request_lookup_fails(dictproxy, testaddr):
    transactions = {}
    res = dictproxy.handle_dovecot_request(
        f"Lpriv/123/chatmail\t{testaddr}", transactions
    )
    assert res == "N\n"
 def test_handle_dovecot_request_happy_path(dictproxy, testaddr, token):
    metadata = dictproxy.metadata
    transactions = {}
    notifier = dictproxy.notifier
    # set device token in a transaction
    tx = "1111"
    msg = f"B{tx}\t{testaddr}"
    res = dictproxy.handle_dovecot_request(msg, transactions)
    assert not res and not metadata.get_tokens_for_addr(testaddr)
    assert transactions == {tx: dict(addr=testaddr, res="O\n")}
    msg = f"S{tx}\tpriv/guid00/devicetoken\t{token}"
    res = dictproxy.handle_dovecot_request(msg, transactions)
    assert not res
    assert len(transactions) == 1
    assert metadata.get_tokens_for_addr(testaddr) == [token]
    msg = f"C{tx}"
    res = dictproxy.handle_dovecot_request(msg, transactions)
    assert res == "O\n"
    assert len(transactions) == 0
    assert metadata.get_tokens_for_addr(testaddr) == [token]
    # trigger notification for incoming message
    tx2 = "2222"
    assert dictproxy.handle_dovecot_request(f"B{tx2}\t{testaddr}", transactions) is None
    msg = f"S{tx2}\tpriv/guid00/messagenew"
    assert dictproxy.handle_dovecot_request(msg, transactions) is None
    queue_item = notifier.retry_queues[0].get()[1]
    assert queue_item.token == token
    assert dictproxy.handle_dovecot_request(f"C{tx2}", transactions) == "O\n"
    assert not transactions
    assert queue_item.path.exists()
 def test_handle_dovecot_protocol_set_devicetoken(dictproxy):
    rfile = io.BytesIO(
        b"\n".join(
            [
                b"HELLO",
                b"Btx00\tuser@example.org",
                b"Stx00\tpriv/guid00/devicetoken\t01234",
                b"Ctx00",
            ]
        )
    )
    wfile = io.BytesIO()
    dictproxy.loop_forever(rfile, wfile)
    assert wfile.getvalue() == b"O\n"
    assert dictproxy.metadata.get_tokens_for_addr("user@example.org") == ["01234"]
 def test_handle_dovecot_protocol_set_get_devicetoken(dictproxy):
    rfile = io.BytesIO(
        b"\n".join(
            [
                b"HELLO",
                b"Btx00\tuser@example.org",
                b"Stx00\tpriv/guid00/devicetoken\t01234",
                b"Ctx00",
            ]
        )
    )
    wfile = io.BytesIO()
    dictproxy.loop_forever(rfile, wfile)
    assert dictproxy.metadata.get_tokens_for_addr("user@example.org") == ["01234"]
    assert wfile.getvalue() == b"O\n"
    rfile = io.BytesIO(
        b"\n".join([b"HELLO", b"Lpriv/0123/devicetoken\tuser@example.org"])
    )
    wfile = io.BytesIO()
    dictproxy.loop_forever(rfile, wfile)
    assert wfile.getvalue() == b"O01234\n"
 def test_handle_dovecot_protocol_iterate(dictproxy):
    rfile = io.BytesIO(
        b"\n".join(
            [
                b"H",
                b"I9\t0\tpriv/5cbe730f146fea6535be0d003dd4fc98/\tci-2dzsrs@nine.testrun.org",
            ]
        )
    )
    wfile = io.BytesIO()
    dictproxy.loop_forever(rfile, wfile)
    assert wfile.getvalue() == b"\n"
 def test_notifier_thread_deletes_persistent_file(metadata, notifier, testaddr):
    reqmock = get_mocked_requests([200])
    metadata.add_token_to_addr(testaddr, "01234")
    notifier.new_message_for_addr(testaddr, metadata)
    NotifyThread(notifier, 0, None).retry_one(reqmock)
    url, data, timeout = reqmock.requests[0]
    assert data == "01234"
    assert metadata.get_tokens_for_addr(testaddr) == ["01234"]
    notifier.requeue_persistent_queue_items()
    assert notifier.retry_queues[0].qsize() == 0
@pytest.mark.parametrize("status", [requests.exceptions.RequestException(), 404, 500])
 def test_notifier_thread_connection_failures(
    metadata, notifier, testaddr, status, caplog
 ):
    """test that tokens keep getting retried until they are given up."""
    metadata.add_token_to_addr(testaddr, "01234")
    notifier.new_message_for_addr(testaddr, metadata)
    notifier.NOTIFICATION_RETRY_DELAY = 5
    max_tries = len(notifier.retry_queues)
    for i in range(max_tries):
        caplog.clear()
        reqmock = get_mocked_requests([status])
        sleep_calls = []
        NotifyThread(notifier, i, None).retry_one(reqmock, sleep=sleep_calls.append)
        assert notifier.retry_queues[i].qsize() == 0
        assert "request failed" in caplog.records[0].msg
        if i > 0:
            assert len(sleep_calls) == 1
        if i + 1 < max_tries:
            assert notifier.retry_queues[i + 1].qsize() == 1
            assert len(caplog.records) == 1
        else:
            assert len(caplog.records) == 2
            assert "deadline" in caplog.records[1].msg
    notifier.requeue_persistent_queue_items()
    assert notifier.retry_queues[0].qsize() == 0
 def test_requeue_removes_tmp_files(notifier, metadata, testaddr, caplog):
    metadata.add_token_to_addr(testaddr, "01234")
    notifier.new_message_for_addr(testaddr, metadata)
    p = notifier.queue_dir.joinpath("1203981203.tmp")
    p.touch()
    notifier2 = notifier.__class__(notifier.queue_dir)
    notifier2.requeue_persistent_queue_items()
    assert "spurious" in caplog.records[0].msg
    assert not p.exists()
    assert notifier2.retry_queues[0].qsize() == 1
    when, queue_item = notifier2.retry_queues[0].get()
    assert when <= int(time.time())
    assert queue_item.addr == testaddr
 def test_requeue_removes_invalid_files(notifier, metadata, testaddr, caplog):
    metadata.add_token_to_addr(testaddr, "01234")
    notifier.new_message_for_addr(testaddr, metadata)
    # empty/invalid files should be ignored
    p = notifier.queue_dir.joinpath("1203981203")
    p.touch()
    notifier2 = notifier.__class__(notifier.queue_dir)
    notifier2.requeue_persistent_queue_items()
    assert "spurious" in caplog.records[0].msg
    assert not p.exists()
    assert notifier2.retry_queues[0].qsize() == 1
    when, queue_item = notifier2.retry_queues[0].get()
    assert when <= int(time.time())
    assert queue_item.addr == testaddr
 def test_start_and_stop_notification_threads(notifier, testaddr):
    threads = notifier.start_notification_threads(None)
    for retry_num, threadlist in threads.items():
        for t in threadlist:
            t.stop()
            t.join()
 def test_multi_device_notifier(metadata, notifier, testaddr):
    metadata.add_token_to_addr(testaddr, "01234")
    metadata.add_token_to_addr(testaddr, "56789")
    notifier.new_message_for_addr(testaddr, metadata)
    reqmock = get_mocked_requests([200, 200])
    NotifyThread(notifier, 0, None).retry_one(reqmock)
    NotifyThread(notifier, 0, None).retry_one(reqmock)
    assert notifier.retry_queues[0].qsize() == 0
    assert notifier.retry_queues[1].qsize() == 0
    url, data, timeout = reqmock.requests[0]
    assert data == "01234"
    url, data, timeout = reqmock.requests[1]
    assert data == "56789"
    assert metadata.get_tokens_for_addr(testaddr) == ["01234", "56789"]
 def test_notifier_thread_run_gone_removes_token(metadata, notifier, testaddr):
    metadata.add_token_to_addr(testaddr, "01234")
    metadata.add_token_to_addr(testaddr, "45678")
    notifier.new_message_for_addr(testaddr, metadata)
    reqmock = get_mocked_requests([410, 200])
    NotifyThread(notifier, 0, metadata.remove_token_from_addr).retry_one(reqmock)
    NotifyThread(notifier, 0, None).retry_one(reqmock)
    url, data, timeout = reqmock.requests[0]
    assert data == "01234"
    url, data, timeout = reqmock.requests[1]
    assert data == "45678"
    assert metadata.get_tokens_for_addr(testaddr) == ["45678"]
    assert notifier.retry_queues[0].qsize() == 0
    assert notifier.retry_queues[1].qsize() == 0
 def test_persistent_queue_items(tmp_path, testaddr, token):
    queue_item = PersistentQueueItem.create(tmp_path, testaddr, 432, token)
    assert queue_item.addr == testaddr
    assert queue_item.start_ts == 432
    assert queue_item.token == token
    item2 = PersistentQueueItem.read_from_path(queue_item.path)
    assert item2.addr == testaddr
    assert item2.start_ts == 432
    assert item2.token == token
    assert item2 == queue_item
    item2.delete()
    assert not item2.path.exists()
    assert not queue_item < item2 and not item2 < queue_item
 def test_turn_credentials_exception_returns_N(notifier, metadata, monkeypatch):
    """Test that turn_credentials() failure returns N\\n instead of crashing."""
    import chatmaild.metadata
    dictproxy = MetadataDictProxy(
        notifier=notifier,
        metadata=metadata,
        turn_hostname="turn.example.org",
    )
    def mock_turn_credentials():
        raise ConnectionRefusedError("socket not available")
    monkeypatch.setattr(chatmaild.metadata, "turn_credentials", mock_turn_credentials)
    transactions = {}
    res = dictproxy.handle_dovecot_request(
        "Lshared/0123/vendor/vendor.dovecot/pvt/server/vendor/deltachat/turn"
        "\tuser@example.org",
        transactions,
    )
    assert res == "N\n"
 def test_turn_credentials_success(notifier, metadata, monkeypatch):
    """Test that valid turn_credentials() returns TURN URI."""
    import chatmaild.metadata
    dictproxy = MetadataDictProxy(
        notifier=notifier,
        metadata=metadata,
        turn_hostname="turn.example.org",
    )
    monkeypatch.setattr(chatmaild.metadata, "turn_credentials", lambda: "user:pass")
    transactions = {}
    res = dictproxy.handle_dovecot_request(
        "Lshared/0123/vendor/vendor.dovecot/pvt/server/vendor/deltachat/turn"
        "\tuser@example.org",
        transactions,
    )
    assert res == "Oturn.example.org:3478:user:pass\n"
 def test_iroh_relay(dictproxy):
    rfile = io.BytesIO(
        b"\n".join(
            [
                b"H",
                b"Lshared/0123/vendor/vendor.dovecot/pvt/server/vendor/deltachat/irohrelay\tuser@example.org",
            ]
        )
    )
    wfile = io.BytesIO()
    dictproxy.iroh_relay = "https://example.org/"
    dictproxy.loop_forever(rfile, wfile)
    assert wfile.getvalue() == b"Ohttps://example.org/\n"
 def test_legacy_token_migration(metadata, testaddr):
    with metadata.get_metadata_dict(testaddr).modify() as data:
        data[metadata.DEVICETOKEN_KEY] = ["oldtoken1", "oldtoken2"]
    assert metadata.get_tokens_for_addr(testaddr) == ["oldtoken1", "oldtoken2"]
    mdict = metadata.get_metadata_dict(testaddr).read()
    tokens = mdict[metadata.DEVICETOKEN_KEY]
    assert isinstance(tokens, dict)
    assert "oldtoken1" in tokens and "oldtoken2" in tokens
--- a/chatmaild/src/chatmaild/tests/test_metrics.py
+++ b/chatmaild/src/chatmaild/tests/test_metrics.py
@@ -0,0 +1,16 @@
 from chatmaild.metrics import main
 def test_main(tmp_path, capsys):
    for x in ("ci-asllkj", "ac_12l3kj", "qweqwe", "ci-l1k2j31l2k3"):
        tmp_path.joinpath(x).mkdir()
    main(tmp_path)
    out, _ = capsys.readouterr()
    d = {}
    for line in out.split("\n"):
        if line.strip():
            name, num, _ = line.split()
            d[name] = int(num)
    assert d["accounts"] == 4
    assert d["ci_accounts"] == 3
--- a/chatmaild/src/chatmaild/tests/test_migrate_db.py
+++ b/chatmaild/src/chatmaild/tests/test_migrate_db.py
@@ -1,69 +0,0 @@
 import sqlite3
 from chatmaild.migrate_db import migrate_from_db_to_maildir
 def test_migration_not_exists(tmp_path, example_config):
    example_config.passdb_path = tmp_path.joinpath("sqlite")
 def test_migration(tmp_path, example_config, caplog):
    passdb_path = tmp_path.joinpath("passdb.sqlite")
    uri = f"file:{passdb_path}?mode=rwc"
    sqlconn = sqlite3.connect(uri, timeout=60, uri=True)
    sqlconn.execute(
        """
        CREATE TABLE users (
            addr TEXT PRIMARY KEY,
            password TEXT,
            last_login INTEGER
        )
    """
    )
    all = {}
    for i in range(500):
        values = (f"somsom{i:03}@example.org", f"passwo{i:03}", i * 86400)
        sqlconn.execute(
            """
            INSERT INTO users (addr, password, last_login)
            VALUES (?, ?, ?)""",
            values,
        )
        all[values[0]] = values[1:]
    for i in range(500):
        values = (f"pompom{i:03}@example.org", f"wopass{i:03}", "")
        sqlconn.execute(
            """
            INSERT INTO users (addr, password, last_login)
            VALUES (?, ?, ?)""",
            values,
        )
        all[values[0]] = values[1:]
    sqlconn.commit()
    sqlconn.close()
    assert passdb_path.stat().st_size > 10000
    example_config.passdb_path = passdb_path
    # ensure logging.info records are captured regardless of global configuration
    caplog.set_level("INFO")
    assert not caplog.records
    migrate_from_db_to_maildir(example_config, chunking=500)
    assert len(caplog.records) > 3
    for path in example_config.mailboxes_dir.iterdir():
        if "@" not in path.name:
            continue
        password, last_login = all.pop(path.name)
        user = example_config.get_user(path.name)
        if last_login:
            assert user.get_last_login_timestamp() == last_login
        assert password == user.get_userdb_dict()["password"]
    assert not all
    assert not example_config.passdb_path.exists()
--- a/chatmaild/src/chatmaild/tests/test_newmail.py
+++ b/chatmaild/src/chatmaild/tests/test_newmail.py
@@ -1,11 +1,7 @@
 import json
 import chatmaild
-from chatmaild.newemail import (
+from chatmaild.newemail import create_newemail_dict, print_new_account
    create_dclogin_url,
    create_newemail_dict,
    print_new_account,
 )
 def test_create_newemail_dict(example_config):
@@ -19,24 +15,6 @@ def test_create_newemail_dict(example_config):
    assert ac1["password"] != ac2["password"]
 def test_create_newemail_dict_ip(make_config):
    config = make_config("1.2.3.4")
    ac = create_newemail_dict(config)
    assert ac["email"].endswith("@[1.2.3.4]")
 def test_create_dclogin_url():
    url = create_dclogin_url("user@example.org", "p@ss w+rd")
    assert url.startswith("dclogin:")
    assert "v=1" in url
    assert "ic=3" in url
    assert "user@example.org" in url
    # password special chars must be encoded
    assert "p%40ss" in url
    assert "w%2Brd" in url
 def test_print_new_account(capsys, monkeypatch, maildomain, tmpdir, example_config):
    monkeypatch.setattr(chatmaild.newemail, "CONFIG_PATH", str(example_config._inipath))
    print_new_account()
@@ -47,20 +25,3 @@ def test_print_new_account(capsys, monkeypatch, maildomain, tmpdir, example_conf
    dic = json.loads(lines[2])
    assert dic["email"].endswith(f"@{example_config.mail_domain}")
    assert len(dic["password"]) >= 10
    # default tls_cert=acme should not include dclogin_url
    assert "dclogin_url" not in dic
 def test_print_new_account_self_signed(capsys, monkeypatch, make_config):
    config = make_config("_test.example.org")
    monkeypatch.setattr(chatmaild.newemail, "CONFIG_PATH", str(config._inipath))
    print_new_account()
    out, err = capsys.readouterr()
    lines = out.split("\n")
    dic = json.loads(lines[2])
    assert "dclogin_url" in dic
    url = dic["dclogin_url"]
    assert url.startswith("dclogin:")
    assert "ic=3" in url
    assert dic["email"].split("@")[0] in url
--- a/chatmaild/src/chatmaild/tests/test_turnserver.py
+++ b/chatmaild/src/chatmaild/tests/test_turnserver.py
@@ -1,73 +0,0 @@
 import socket
 import threading
 import time
 from unittest.mock import patch
 import pytest
 from chatmaild.turnserver import turn_credentials
 SOCKET_PATH = "/run/chatmail-turn/turn.socket"
@pytest.fixture
 def turn_socket(tmp_path):
    """Create a real Unix socket server at a temp path."""
    sock_path = str(tmp_path / "turn.socket")
    server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    server.bind(sock_path)
    server.listen(1)
    yield sock_path, server
    server.close()
 def _call_turn_credentials(sock_path):
    """Call turn_credentials but connect to sock_path instead of hardcoded path."""
    original_connect = socket.socket.connect
    def patched_connect(self, address):
        if address == SOCKET_PATH:
            address = sock_path
        return original_connect(self, address)
    with patch.object(socket.socket, "connect", patched_connect):
        return turn_credentials()
 def test_turn_credentials_timeout(turn_socket):
    """Server accepts but never responds — must raise socket.timeout."""
    sock_path, server = turn_socket
    def accept_and_hang():
        conn, _ = server.accept()
        time.sleep(30)
        conn.close()
    t = threading.Thread(target=accept_and_hang, daemon=True)
    t.start()
    with pytest.raises(socket.timeout):
        _call_turn_credentials(sock_path)
 def test_turn_credentials_connection_refused(tmp_path):
    """Socket file doesn't exist — must raise ConnectionRefusedError or FileNotFoundError."""
    missing = str(tmp_path / "nonexistent.socket")
    with pytest.raises((ConnectionRefusedError, FileNotFoundError)):
        _call_turn_credentials(missing)
 def test_turn_credentials_success(turn_socket):
    """Server responds with credentials — must return stripped string."""
    sock_path, server = turn_socket
    def respond():
        conn, _ = server.accept()
        conn.sendall(b"testuser:testpass\n")
        conn.close()
    t = threading.Thread(target=respond, daemon=True)
    t.start()
    result = _call_turn_credentials(sock_path)
    assert result == "testuser:testpass"
--- a/chatmaild/src/chatmaild/tests/test_user.py
+++ b/chatmaild/src/chatmaild/tests/test_user.py
@@ -1,56 +0,0 @@
 def test_login_timestamp(testaddr, example_config):
    user = example_config.get_user(testaddr)
    user.set_password("someeqkjwelkqwjleqwe")
    user.set_last_login_timestamp(100000)
    assert user.get_last_login_timestamp() == 86400
    user.set_last_login_timestamp(200000)
    assert user.get_last_login_timestamp() == 86400 * 2
 def test_get_user_dict_not_set(testaddr, example_config, caplog):
    user = example_config.get_user(testaddr)
    assert not caplog.records
    assert user.get_userdb_dict() == {}
    assert len(caplog.records) == 0
    user.set_password("")
    assert user.get_userdb_dict() == {}
    assert len(caplog.records) == 1
 def test_get_user_dict(make_config, tmp_path):
    config = make_config("something.testrun.org")
    addr = "user1@something.org"
    user = config.get_user(addr)
    enc_password = "l1k2j31lk2j3l1k23j123"
    user.set_password(enc_password)
    data = user.get_userdb_dict()
    assert addr in str(data["home"])
    assert data["uid"] == "vmail"
    assert data["gid"] == "vmail"
    assert data["password"] == enc_password
 def test_no_mailboxes_dir(testaddr, example_config, tmp_path):
    p = tmp_path.joinpath("a", "mailboxes")
    example_config.mailboxes_dir = p
    user = example_config.get_user(testaddr)
    user.set_password("someeqkjwelkqwjleqwe")
    user.set_last_login_timestamp(100000)
    assert user.get_last_login_timestamp() == 86400
 def test_set_get_cleartext_flag(testaddr, example_config, tmp_path):
    p = tmp_path.joinpath("a", "mailboxes")
    example_config.mailboxes_dir = p
    user = example_config.get_user(testaddr)
    user.set_password("someeqkjwelkqwjleqwe")
    user.set_last_login_timestamp(100000)
    assert user.get_last_login_timestamp() == 86400
    assert not user.is_incoming_cleartext_ok()
    user.allow_incoming_cleartext()
    assert user.is_incoming_cleartext_ok()
--- a/chatmaild/src/chatmaild/turnserver.py
+++ b/chatmaild/src/chatmaild/turnserver.py
@@ -1,10 +0,0 @@
 #!/usr/bin/env python3
 import socket
 def turn_credentials() -> str:
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client_socket:
        client_socket.settimeout(5)
        client_socket.connect("/run/chatmail-turn/turn.socket")
        with client_socket.makefile("rb") as file:
            return file.readline().decode("utf-8").strip()
--- a/chatmaild/src/chatmaild/user.py
+++ b/chatmaild/src/chatmaild/user.py
@@ -1,82 +0,0 @@
 import logging
 import os
 from chatmaild.filedict import write_bytes_atomic
 def get_daytimestamp(timestamp) -> int:
    return int(timestamp) // 86400 * 86400
 class User:
    def __init__(self, maildir, addr, password_path, uid, gid):
        self.maildir = maildir
        self.addr = addr
        self.password_path = password_path
        self.enforce_E2EE_path = maildir.joinpath("enforceE2EEincoming")
        self.uid = uid
        self.gid = gid
    @property
    def can_track(self):
        return "@" in self.addr
    def get_userdb_dict(self):
        """Return a non-empty dovecot 'userdb' style dict
        if the user has an existing non-empty password"""
        try:
            pw = self.password_path.read_text()
        except FileNotFoundError:
            return {}
        if not pw:
            logging.error(f"password is empty for: {self.addr}")
            return {}
        home = str(self.maildir)
        return dict(addr=self.addr, home=home, uid=self.uid, gid=self.gid, password=pw)
    def is_incoming_cleartext_ok(self):
        return not self.enforce_E2EE_path.exists()
    def allow_incoming_cleartext(self):
        if self.enforce_E2EE_path.exists():
            self.enforce_E2EE_path.unlink()
    def set_password(self, enc_password):
        """Set the specified password for this user.
        This method can be called concurrently
        but there is no guarantee which of the password-set calls will win.
        """
        self.maildir.mkdir(exist_ok=True, parents=True)
        password = enc_password.encode("ascii")
        try:
            write_bytes_atomic(self.password_path, password)
        except PermissionError:
            logging.error(f"could not write password for: {self.addr}")
            raise
        self.enforce_E2EE_path.touch()
    def set_last_login_timestamp(self, timestamp):
        """Track login time with daily granularity
        to minimize touching files and to minimize metadata leakage."""
        if not self.can_track:
            return
        try:
            mtime = int(os.stat(self.password_path).st_mtime)
        except FileNotFoundError:
            logging.error(f"Can not get last login timestamp for {self.addr}")
            return
        timestamp = get_daytimestamp(timestamp)
        if mtime != timestamp:
            os.utime(self.password_path, (timestamp, timestamp))
    def get_last_login_timestamp(self):
        if self.can_track:
            try:
                return int(self.password_path.stat().st_mtime)
            except FileNotFoundError:
                pass
--- a/cliff.toml
+++ b/cliff.toml
@@ -1,94 +0,0 @@
 # git-cliff ~ configuration file
 # https://git-cliff.org/docs/configuration
 [changelog]
 # A Tera template to be rendered for each release in the changelog.
 # See https://keats.github.io/tera/docs/#introduction
 body = """
 {% if version %}\
    ## [{{ version | trim_start_matches(pat="v") }}] - {{ timestamp | date(format="%Y-%m-%d") }}
 {% else %}\
    ## [unreleased]
 {% endif %}\
 {% for group, commits in commits | group_by(attribute="group") %}
    ### {{ group | striptags | trim | upper_first }}
    {% for commit in commits %}
        - {% if commit.scope %}*({{ commit.scope }})* {% endif %}\
            {% if commit.breaking %}[**breaking**] {% endif %}\
            {{ commit.message | upper_first }}\
    {% endfor %}
 {% endfor %}
 """
 # Remove leading and trailing whitespaces from the changelog's body.
 trim = true
 # Render body even when there are no releases to process.
 render_always = true
 # An array of regex based postprocessors to modify the changelog.
 postprocessors = [
    # Replace the placeholder <REPO> with a URL.
    #{ pattern = '<REPO>', replace = "https://github.com/orhun/git-cliff" },
 ]
 # render body even when there are no releases to process
 # render_always = true
 # output file path
 # output = "test.md"
 [git]
 # Parse commits according to the conventional commits specification.
 # See https://www.conventionalcommits.org
 conventional_commits = true
 # Exclude commits that do not match the conventional commits specification.
 filter_unconventional = true
 # Require all commits to be conventional.
 # Takes precedence over filter_unconventional.
 require_conventional = false
 # Split commits on newlines, treating each line as an individual commit.
 split_commits = false
 # An array of regex based parsers to modify commit messages prior to further processing.
 commit_preprocessors = [
    # Replace issue numbers with link templates to be updated in `changelog.postprocessors`.
    #{ pattern = '\((\w+\s)?#([0-9]+)\)', replace = "([#${2}](<REPO>/issues/${2}))"},
    # Check spelling of the commit message using https://github.com/crate-ci/typos.
    # If the spelling is incorrect, it will be fixed automatically.
    #{ pattern = '.*', replace_command = 'typos --write-changes -' },
 ]
 # Prevent commits that are breaking from being excluded by commit parsers.
 protect_breaking_commits = false
 # An array of regex based parsers for extracting data from the commit message.
 # Assigns commits to groups.
 # Optionally sets the commit's scope and can decide to exclude commits from further processing.
 commit_parsers = [
    { message = "^feat", group = "Features" },
    { message = "^fix", group = "Bug Fixes" },
    { message = "^docs", group = "Documentation" },
    { message = "^perf", group = "Performance" },
    { message = "^refactor", group = "Refactor" },
    { message = "^style", group = "Styling" },
    { message = "^test", group = "Testing" },
    { message = "^chore\\(release\\): prepare for", skip = true },
    { message = "^chore\\(deps.*\\)", skip = true },
    { message = "^chore\\(pr\\)", skip = true },
    { message = "^chore\\(pull\\)", skip = true },
    { message = "^chore|^ci", group = "Miscellaneous Tasks" },
    { body = ".*security", group = "Security" },
    { message = "^revert", group = "Revert" },
    { message = ".*", group = "Other" },
 ]
 # Exclude commits that are not matched by any commit parser.
 filter_commits = false
 # Fail on a commit that is not matched by any commit parser.
 fail_on_unmatched_commit = false
 # An array of link parsers for extracting external references, and turning them into URLs, using regex.
 link_parsers = []
 # Include only the tags that belong to the current branch.
 use_branch_tags = false
 # Order releases topologically instead of chronologically.
 topo_order = false
 # Order commits topologically instead of chronologically.
 topo_order_commits = true
 # Order of commits in each group/release within the changelog.
 # Allowed values: newest, oldest
 sort_commits = "oldest"
 # Process submodules commits
 recurse_submodules = false
--- a/cmdeploy/pyproject.toml
+++ b/cmdeploy/pyproject.toml
@@ -6,21 +6,19 @@ build-backend = "setuptools.build_meta"
 name = "cmdeploy"
 version = "0.2"
 dependencies = [
-  "pyinfra>=3",
+  "pyinfra",
  "pillow",
  "qrcode",
  "markdown",
  "pytest",
  "setuptools>=68",
  "termcolor",
  "build",
  "tox",
  "ruff",
  "black",
  "pytest",
  "pytest-xdist", 
  "execnet",
  "imap_tools",
  "deltachat-rpc-client",
  "deltachat-rpc-server",
 ]
 [project.scripts]
@@ -32,16 +30,3 @@ cmdeploy = "cmdeploy.cmdeploy:main"
 [tool.pytest.ini_options]
 addopts = "-v -ra --strict-markers"
 [tool.ruff]
 lint.select = [
  "F", # Pyflakes
  "I", # isort
  "PLC", # Pylint Convention
  "PLE", # Pylint Error
  "PLW", # Pylint Warning
 ]
 lint.ignore = [
  "PLC0415" # import-outside-top-level
 ]
--- a/cmdeploy/src/cmdeploy/init.py
+++ b/cmdeploy/src/cmdeploy/init.py
@@ -0,0 +1,578 @@
 """
 Chat Mail pyinfra deploy.
 """
 import sys
 import importlib.resources
 import subprocess
 import shutil
 import io
 from pathlib import Path
 from pyinfra import host
 from pyinfra.operations import apt, files, server, systemd, pip
 from pyinfra.facts.files import File
 from pyinfra.facts.systemd import SystemdEnabled
 from .acmetool import deploy_acmetool
 from chatmaild.config import read_config, Config
 def _build_chatmaild(dist_dir) -> None:
    dist_dir = Path(dist_dir).resolve()
    if dist_dir.exists():
        shutil.rmtree(dist_dir)
    dist_dir.mkdir()
    subprocess.check_output(
        [sys.executable, "-m", "build", "-n"]
        + ["--sdist", "chatmaild", "--outdir", str(dist_dir)]
    )
    entries = list(dist_dir.iterdir())
    assert len(entries) == 1
    return entries[0]
 def remove_legacy_artifacts():
    # disable legacy doveauth-dictproxy.service
    if host.get_fact(SystemdEnabled).get("doveauth-dictproxy.service"):
        systemd.service(
            name="Disable legacy doveauth-dictproxy.service",
            service="doveauth-dictproxy.service",
            running=False,
            enabled=False,
        )
 def _install_remote_venv_with_chatmaild(config) -> None:
    remove_legacy_artifacts()
    dist_file = _build_chatmaild(dist_dir=Path("chatmaild/dist"))
    remote_base_dir = "/usr/local/lib/chatmaild"
    remote_dist_file = f"{remote_base_dir}/dist/{dist_file.name}"
    remote_venv_dir = f"{remote_base_dir}/venv"
    remote_chatmail_inipath = f"{remote_base_dir}/chatmail.ini"
    root_owned = dict(user="root", group="root", mode="644")
    apt.packages(
        name="apt install python3-virtualenv",
        packages=["python3-virtualenv"],
    )
    files.put(
        name="Upload chatmaild source package",
        src=dist_file.open("rb"),
        dest=remote_dist_file,
        create_remote_dir=True,
        **root_owned,
    )
    files.put(
        name=f"Upload {remote_chatmail_inipath}",
        src=config._getbytefile(),
        dest=remote_chatmail_inipath,
        **root_owned,
    )
    pip.virtualenv(
        name=f"chatmaild virtualenv {remote_venv_dir}",
        path=remote_venv_dir,
        always_copy=True,
    )
    server.shell(
        name=f"forced pip-install {dist_file.name}",
        commands=[
            f"{remote_venv_dir}/bin/pip install --force-reinstall {remote_dist_file}"
        ],
    )
    files.template(
        src=importlib.resources.files(__package__).joinpath("metrics.cron.j2"),
        dest="/etc/cron.d/chatmail-metrics",
        user="root",
        group="root",
        mode="644",
        config={
            "mail_domain": config.mail_domain,
            "execpath": f"{remote_venv_dir}/bin/chatmail-metrics",
        },
    )
    # install systemd units
    for fn in (
        "doveauth",
        "filtermail",
        "echobot",
    ):
        params = dict(
            execpath=f"{remote_venv_dir}/bin/{fn}",
            config_path=remote_chatmail_inipath,
            remote_venv_dir=remote_venv_dir,
        )
        source_path = importlib.resources.files("chatmaild").joinpath(f"{fn}.service.f")
        content = source_path.read_text().format(**params).encode()
        files.put(
            name=f"Upload {fn}.service",
            src=io.BytesIO(content),
            dest=f"/etc/systemd/system/{fn}.service",
            **root_owned,
        )
        systemd.service(
            name=f"Setup {fn} service",
            service=f"{fn}.service",
            running=True,
            enabled=True,
            restarted=True,
            daemon_reload=True,
        )
 def _configure_opendkim(domain: str, dkim_selector: str = "dkim") -> bool:
    """Configures OpenDKIM"""
    need_restart = False
    server.group(name="Create opendkim group", group="opendkim", system=True)
    server.user(
        name="Create opendkim user",
        user="opendkim",
        groups=["opendkim"],
        system=True,
    )
    server.user(
        name="Add postfix user to opendkim group for socket access",
        user="postfix",
        groups=["opendkim"],
        system=True,
    )
    main_config = files.template(
        src=importlib.resources.files(__package__).joinpath("opendkim/opendkim.conf"),
        dest="/etc/opendkim.conf",
        user="root",
        group="root",
        mode="644",
        config={"domain_name": domain, "opendkim_selector": dkim_selector},
    )
    need_restart |= main_config.changed
    screen_script = files.put(
        src=importlib.resources.files(__package__).joinpath("opendkim/screen.lua"),
        dest="/etc/opendkim/screen.lua",
        user="root",
        group="root",
        mode="644",
    )
    need_restart |= screen_script.changed
    final_script = files.put(
        src=importlib.resources.files(__package__).joinpath("opendkim/final.lua"),
        dest="/etc/opendkim/final.lua",
        user="root",
        group="root",
        mode="644",
    )
    need_restart |= final_script.changed
    files.directory(
        name="Add opendkim directory to /etc",
        path="/etc/opendkim",
        user="opendkim",
        group="opendkim",
        mode="750",
        present=True,
    )
    keytable = files.template(
        src=importlib.resources.files(__package__).joinpath("opendkim/KeyTable"),
        dest="/etc/dkimkeys/KeyTable",
        user="opendkim",
        group="opendkim",
        mode="644",
        config={"domain_name": domain, "opendkim_selector": dkim_selector},
    )
    need_restart |= keytable.changed
    signing_table = files.template(
        src=importlib.resources.files(__package__).joinpath("opendkim/SigningTable"),
        dest="/etc/dkimkeys/SigningTable",
        user="opendkim",
        group="opendkim",
        mode="644",
        config={"domain_name": domain, "opendkim_selector": dkim_selector},
    )
    need_restart |= signing_table.changed
    files.directory(
        name="Add opendkim socket directory to /var/spool/postfix",
        path="/var/spool/postfix/opendkim",
        user="opendkim",
        group="opendkim",
        mode="750",
        present=True,
    )
    apt.packages(
        name="apt install opendkim opendkim-tools",
        packages=["opendkim", "opendkim-tools"],
    )
    if not host.get_fact(File, f"/etc/dkimkeys/{dkim_selector}.private"):
        server.shell(
            name="Generate OpenDKIM domain keys",
            commands=[
                f"opendkim-genkey -D /etc/dkimkeys -d {domain} -s {dkim_selector}"
            ],
            _sudo=True,
            _sudo_user="opendkim",
        )
    return need_restart
 def _install_mta_sts_daemon() -> bool:
    need_restart = False
    config = files.put(
        name="upload postfix-mta-sts-resolver config",
        src=importlib.resources.files(__package__).joinpath(
            "postfix/mta-sts-daemon.yml"
        ),
        dest="/etc/mta-sts-daemon.yml",
        user="root",
        group="root",
        mode="644",
    )
    need_restart |= config.changed
    server.shell(
        name="install postfix-mta-sts-resolver with pip",
        commands=[
            "python3 -m virtualenv /usr/local/lib/postfix-mta-sts-resolver",
            "/usr/local/lib/postfix-mta-sts-resolver/bin/pip install postfix-mta-sts-resolver",
        ],
    )
    systemd_unit = files.put(
        name="upload mta-sts-daemon systemd unit",
        src=importlib.resources.files(__package__).joinpath(
            "postfix/mta-sts-daemon.service"
        ),
        dest="/etc/systemd/system/mta-sts-daemon.service",
        user="root",
        group="root",
        mode="644",
    )
    need_restart |= systemd_unit.changed
    return need_restart
 def _configure_postfix(config: Config, debug: bool = False) -> bool:
    """Configures Postfix SMTP server."""
    need_restart = False
    main_config = files.template(
        src=importlib.resources.files(__package__).joinpath("postfix/main.cf.j2"),
        dest="/etc/postfix/main.cf",
        user="root",
        group="root",
        mode="644",
        config=config,
    )
    need_restart |= main_config.changed
    master_config = files.template(
        src=importlib.resources.files(__package__).joinpath("postfix/master.cf.j2"),
        dest="/etc/postfix/master.cf",
        user="root",
        group="root",
        mode="644",
        debug=debug,
        config=config,
    )
    need_restart |= master_config.changed
    header_cleanup = files.put(
        src=importlib.resources.files(__package__).joinpath(
            "postfix/submission_header_cleanup"
        ),
        dest="/etc/postfix/submission_header_cleanup",
        user="root",
        group="root",
        mode="644",
    )
    need_restart |= header_cleanup.changed
    # Login map that 1:1 maps email address to login.
    login_map = files.put(
        src=importlib.resources.files(__package__).joinpath("postfix/login_map"),
        dest="/etc/postfix/login_map",
        user="root",
        group="root",
        mode="644",
    )
    need_restart |= login_map.changed
    return need_restart
 def _configure_dovecot(config: Config, debug: bool = False) -> bool:
    """Configures Dovecot IMAP server."""
    need_restart = False
    main_config = files.template(
        src=importlib.resources.files(__package__).joinpath("dovecot/dovecot.conf.j2"),
        dest="/etc/dovecot/dovecot.conf",
        user="root",
        group="root",
        mode="644",
        config=config,
        debug=debug,
    )
    need_restart |= main_config.changed
    auth_config = files.put(
        src=importlib.resources.files(__package__).joinpath("dovecot/auth.conf"),
        dest="/etc/dovecot/auth.conf",
        user="root",
        group="root",
        mode="644",
    )
    need_restart |= auth_config.changed
    files.template(
        src=importlib.resources.files(__package__).joinpath("dovecot/expunge.cron.j2"),
        dest="/etc/cron.d/expunge",
        user="root",
        group="root",
        mode="644",
        config=config,
    )
    # as per https://doc.dovecot.org/configuration_manual/os/
    # it is recommended to set the following inotify limits
    for name in ("max_user_instances", "max_user_watches"):
        key = f"fs.inotify.{name}"
        server.sysctl(
            name=f"Change {key}",
            key=key,
            value=65535,
            persist=True,
        )
    return need_restart
 def _configure_nginx(domain: str, debug: bool = False) -> bool:
    """Configures nginx HTTP server."""
    need_restart = False
    main_config = files.template(
        src=importlib.resources.files(__package__).joinpath("nginx/nginx.conf.j2"),
        dest="/etc/nginx/nginx.conf",
        user="root",
        group="root",
        mode="644",
        config={"domain_name": domain},
    )
    need_restart |= main_config.changed
    autoconfig = files.template(
        src=importlib.resources.files(__package__).joinpath("nginx/autoconfig.xml.j2"),
        dest="/var/www/html/.well-known/autoconfig/mail/config-v1.1.xml",
        user="root",
        group="root",
        mode="644",
        config={"domain_name": domain},
    )
    need_restart |= autoconfig.changed
    mta_sts_config = files.template(
        src=importlib.resources.files(__package__).joinpath("nginx/mta-sts.txt.j2"),
        dest="/var/www/html/.well-known/mta-sts.txt",
        user="root",
        group="root",
        mode="644",
        config={"domain_name": domain},
    )
    need_restart |= mta_sts_config.changed
    # install CGI newemail script
    #
    cgi_dir = "/usr/lib/cgi-bin"
    files.directory(
        name=f"Ensure {cgi_dir} exists",
        path=cgi_dir,
        user="root",
        group="root",
    )
    files.put(
        name="Upload cgi newemail.py script",
        src=importlib.resources.files("chatmaild").joinpath("newemail.py").open("rb"),
        dest=f"{cgi_dir}/newemail.py",
        user="root",
        group="root",
        mode="755",
    )
    return need_restart
 def _remove_rspamd() -> None:
    """Remove rspamd"""
    apt.packages(name="Remove rspamd", packages="rspamd", present=False)
 def check_config(config):
    mail_domain = config.mail_domain
    if mail_domain != "testrun.org" and not mail_domain.endswith(".testrun.org"):
        blocked_words = "merlinux schmieder testrun.org".split()
        for value in config.__dict__.values():
            if any(x in str(value) for x in blocked_words):
                raise ValueError(
                    f"please set your own privacy contacts/addresses in {config._inipath}"
                )
    return config
 def deploy_chatmail(config_path: Path) -> None:
    """Deploy a chat-mail instance.
    :param config_path: path to chatmail.ini
    """
    config = read_config(config_path)
    check_config(config)
    mail_domain = config.mail_domain
    from .www import build_webpages
    apt.update(name="apt update", cache_time=24 * 3600)
    server.group(name="Create vmail group", group="vmail", system=True)
    server.user(name="Create vmail user", user="vmail", group="vmail", system=True)
    # Run local DNS resolver `unbound`.
    # `resolvconf` takes care of setting up /etc/resolv.conf
    # to use 127.0.0.1 as the resolver.
    apt.packages(
        name="Install unbound",
        packages=["unbound", "unbound-anchor", "dnsutils"],
    )
    server.shell(
        name="Generate root keys for validating DNSSEC",
        commands=[
            "unbound-anchor -a /var/lib/unbound/root.key || true",
            "systemctl reset-failed unbound.service",
        ],
    )
    systemd.service(
        name="Start and enable unbound",
        service="unbound.service",
        running=True,
        enabled=True,
    )
    # Deploy acmetool to have TLS certificates.
    deploy_acmetool(
        nginx_hook=True,
        domains=[mail_domain, f"mta-sts.{mail_domain}", f"www.{mail_domain}"],
    )
    apt.packages(
        name="Install Postfix",
        packages="postfix",
    )
    apt.packages(
        name="Install Dovecot",
        packages=["dovecot-imapd", "dovecot-lmtpd"],
    )
    apt.packages(
        name="Install nginx",
        packages=["nginx"],
    )
    apt.packages(
        name="Install fcgiwrap",
        packages=["fcgiwrap"],
    )
    www_path = importlib.resources.files(__package__).joinpath("../../../www").resolve()
    build_dir = www_path.joinpath("build")
    src_dir = www_path.joinpath("src")
    build_webpages(src_dir, build_dir, config)
    files.rsync(f"{build_dir}/", "/var/www/html", flags=["-avz"])
    _install_remote_venv_with_chatmaild(config)
    debug = False
    dovecot_need_restart = _configure_dovecot(config, debug=debug)
    postfix_need_restart = _configure_postfix(config, debug=debug)
    mta_sts_need_restart = _install_mta_sts_daemon()
    nginx_need_restart = _configure_nginx(mail_domain)
    _remove_rspamd()
    opendkim_need_restart = _configure_opendkim(mail_domain, "opendkim")
    systemd.service(
        name="Start and enable OpenDKIM",
        service="opendkim.service",
        running=True,
        enabled=True,
        restarted=opendkim_need_restart,
    )
    systemd.service(
        name="Start and enable MTA-STS daemon",
        service="mta-sts-daemon.service",
        daemon_reload=True,
        running=True,
        enabled=True,
        restarted=mta_sts_need_restart,
    )
    systemd.service(
        name="Start and enable Postfix",
        service="postfix.service",
        running=True,
        enabled=True,
        restarted=postfix_need_restart,
    )
    systemd.service(
        name="Start and enable Dovecot",
        service="dovecot.service",
        running=True,
        enabled=True,
        restarted=dovecot_need_restart,
    )
    systemd.service(
        name="Start and enable nginx",
        service="nginx.service",
        running=True,
        enabled=True,
        restarted=nginx_need_restart,
    )
    # This file is used by auth proxy.
    # https://wiki.debian.org/EtcMailName
    server.shell(
        name="Setup /etc/mailname",
        commands=[f"echo {mail_domain} >/etc/mailname; chmod 644 /etc/mailname"],
    )
    journald_conf = files.put(
        name="Configure journald",
        src=importlib.resources.files(__package__).joinpath("journald.conf"),
        dest="/etc/systemd/journald.conf",
        user="root",
        group="root",
        mode="644",
    )
    systemd.service(
        name="Start and enable journald",
        service="systemd-journald.service",
        running=True,
        enabled=True,
        restarted=journald_conf,
    )
--- a/cmdeploy/src/cmdeploy/acmetool/init.py
+++ b/cmdeploy/src/cmdeploy/acmetool/init.py
@@ -1,56 +1,78 @@
-from pyinfra.operations import apt, server
+import importlib.resources
-from ..basedeploy import Deployer
+from pyinfra.operations import apt, files, systemd, server
 from pyinfra import host
 from pyinfra.facts.systemd import SystemdStatus
-class AcmetoolDeployer(Deployer):
+def deploy_acmetool(nginx_hook=False, email="", domains=[]):
-    def __init__(self, email, domains):
+    """Deploy acmetool."""
-        self.domains = domains
+    apt.packages(
-        self.email = email
+        name="Install acmetool",
        packages=["acmetool"],
    )
-    def install(self):
+    files.put(
-        apt.packages(
+        src=importlib.resources.files(__package__).joinpath("acmetool.cron").open("rb"),
-            name="Install acmetool",
+        dest="/etc/cron.d/acmetool",
-            packages=["acmetool"],
+        user="root",
        group="root",
        mode="644",
    )
    if nginx_hook:
        files.put(
            src=importlib.resources.files(__package__)
            .joinpath("acmetool.hook")
            .open("rb"),
            dest="/usr/lib/acme/hooks/nginx",
            user="root",
            group="root",
            mode="744",
        )
-        self.remove_file("/etc/cron.d/acmetool")
+    files.template(
        src=importlib.resources.files(__package__).joinpath("response-file.yaml.j2"),
        dest="/var/lib/acme/conf/responses",
        user="root",
        group="root",
        mode="644",
        email=email,
    )
-        self.put_executable("acmetool/acmetool.hook", "/etc/acme/hooks/nginx")
+    files.template(
-        self.remove_file("/usr/lib/acme/hooks/nginx")
+        src=importlib.resources.files(__package__).joinpath("target.yaml.j2"),
        dest="/var/lib/acme/conf/target",
        user="root",
        group="root",
        mode="644",
    )
-    def configure(self):
+    service_file = files.put(
-        self.put_template(
+        src=importlib.resources.files(__package__).joinpath(
-            "acmetool/response-file.yaml.j2",
+            "acmetool-redirector.service"
-            "/var/lib/acme/conf/responses",
+        ),
-            email=self.email,
+        dest="/etc/systemd/system/acmetool-redirector.service",
        user="root",
        group="root",
        mode="644",
    )
    if host.get_fact(SystemdStatus).get("nginx.service"):
        systemd.service(
            name="Stop nginx service to free port 80",
            service="nginx",
            running=False,
        )
-        self.put_template(
+    systemd.service(
-            "acmetool/target.yaml.j2",
+        name="Setup acmetool-redirector service",
-            "/var/lib/acme/conf/target",
+        service="acmetool-redirector.service",
-        )
+        running=True,
        enabled=True,
        restarted=service_file.changed,
    )
-        server.shell(
+    server.shell(
-            name=f"Remove old acmetool desired files for {self.domains[0]}",
+        name=f"Request certificate for: { ', '.join(domains) }",
-            commands=[f"rm -f /var/lib/acme/desired/{self.domains[0]}-*"],
+        commands=[f"acmetool want { ' '.join(domains)}"],
-        )
+    )
        self.put_template(
            "acmetool/desired.yaml.j2",
            f"/var/lib/acme/desired/{self.domains[0]}",
            domains=self.domains,
        )
        self.ensure_systemd_unit("acmetool/acmetool-redirector.service")
        self.ensure_systemd_unit("acmetool/acmetool-reconcile.service")
        self.ensure_systemd_unit("acmetool/acmetool-reconcile.timer")
    def activate(self):
        self.ensure_service("acmetool-redirector.service")
        self.ensure_service("acmetool-reconcile.service", running=False, enabled=False)
        self.ensure_service("acmetool-reconcile.timer")
        server.shell(
            name=f"Reconcile certificates for: {', '.join(self.domains)}",
            commands=["acmetool --batch --xlog.severity=debug reconcile"],
        )
--- a/cmdeploy/src/cmdeploy/acmetool/acmetool-reconcile.service
+++ b/cmdeploy/src/cmdeploy/acmetool/acmetool-reconcile.service
@@ -1,8 +0,0 @@
 [Unit]
 Description=Renew TLS certificates with acmetool
 After=network.target
 [Service]
 Type=oneshot
 ExecStart=/usr/bin/acmetool --batch reconcile
--- a/cmdeploy/src/cmdeploy/acmetool/acmetool-reconcile.timer
+++ b/cmdeploy/src/cmdeploy/acmetool/acmetool-reconcile.timer
@@ -1,8 +0,0 @@
 [Unit]
 Description=Renew TLS certificates with acmetool
 [Timer]
 OnCalendar=*-*-* 16:20:00
 [Install]
 WantedBy=timers.target
--- a/cmdeploy/src/cmdeploy/acmetool/acmetool-redirector.service
+++ b/cmdeploy/src/cmdeploy/acmetool/acmetool-redirector.service
@@ -3,7 +3,7 @@ Description=acmetool HTTP redirector
 [Service]
 Type=notify
-ExecStart=/usr/bin/acmetool redirector --service.uid=daemon --bind=127.0.0.1:402
+ExecStart=/usr/bin/acmetool redirector --service.uid=daemon
 Restart=always
 RestartSec=30
--- a/cmdeploy/src/cmdeploy/acmetool/acmetool.cron
+++ b/cmdeploy/src/cmdeploy/acmetool/acmetool.cron
@@ -0,0 +1,4 @@
 SHELL=/bin/sh
 PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
 MAILTO=root
 20 16 * * * root /usr/bin/acmetool --batch reconcile
--- a/cmdeploy/src/cmdeploy/acmetool/acmetool.hook
+++ b/cmdeploy/src/cmdeploy/acmetool/acmetool.hook
@@ -3,5 +3,3 @@ set -e
 EVENT_NAME="$1"
 [ "$EVENT_NAME" = "live-updated" ] || exit 42
 systemctl restart nginx.service
 systemctl reload dovecot.service
 systemctl reload postfix.service
--- a/cmdeploy/src/cmdeploy/acmetool/desired.yaml.j2
+++ b/cmdeploy/src/cmdeploy/acmetool/desired.yaml.j2
@@ -1,6 +0,0 @@
 satisfy:
  names:
 {%- for domain in domains %}
  - {{ domain }}
 {%- endfor %}
--- a/cmdeploy/src/cmdeploy/acmetool/response-file.yaml.j2
+++ b/cmdeploy/src/cmdeploy/acmetool/response-file.yaml.j2
@@ -1,2 +1,2 @@
 "acme-enter-email": "{{ email }}"
-"acme-agreement:https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf": true
+"acme-agreement:https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf": true
--- a/cmdeploy/src/cmdeploy/acmetool/target.yaml.j2
+++ b/cmdeploy/src/cmdeploy/acmetool/target.yaml.j2
@@ -1,8 +1,7 @@
 request:
  provider: https://acme-v02.api.letsencrypt.org/directory
  key:
-    type: ecdsa
+    type: rsa
    ecdsa-curve: nistp256
  challenge:
    webroot-paths:
    - /var/www/html/.well-known/acme-challenge
--- a/cmdeploy/src/cmdeploy/basedeploy.py
+++ b/cmdeploy/src/cmdeploy/basedeploy.py
@@ -1,255 +0,0 @@
 import importlib.resources
 import io
 import os
 from contextlib import contextmanager
 from pyinfra import host
 from pyinfra.facts.files import Sha256File
 from pyinfra.facts.server import Command
 from pyinfra.operations import files, server, systemd
 def has_systemd():
    """Returns False during Docker image builds or any other non-systemd environment."""
    return os.path.isdir("/run/systemd/system")
 def is_in_container() -> bool:
    """Return True if running inside a container (Docker, LXC, etc.)."""
    return (
        host.get_fact(
            Command,
            "systemd-detect-virt --container --quiet 2>/dev/null && echo yes || true",
        )
        == "yes"
    )
@contextmanager
 def blocked_service_startup():
    """Prevent services from auto-starting during package installation.
    Installs a ``/usr/sbin/policy-rc.d`` that exits 101, blocking any
    service from being started by the package manager.  This avoids bind
    conflicts and CPU/RAM spikes during initial setup.  The file is removed
    when the context exits.
    """
    # For documentation about policy-rc.d, see:
    # https://people.debian.org/~hmh/invokerc.d-policyrc.d-specification.txt
    files.put(
        src=get_resource("policy-rc.d"),
        dest="/usr/sbin/policy-rc.d",
        user="root",
        group="root",
        mode="755",
    )
    yield
    files.file("/usr/sbin/policy-rc.d", present=False)
 def get_resource(arg, pkg=__package__):
    return importlib.resources.files(pkg).joinpath(arg)
 def configure_remote_units(deployer, mail_domain, units) -> None:
    remote_base_dir = "/usr/local/lib/chatmaild"
    remote_venv_dir = f"{remote_base_dir}/venv"
    remote_chatmail_inipath = f"{remote_base_dir}/chatmail.ini"
    # install systemd units
    for fn in units:
        params = dict(
            execpath=f"{remote_venv_dir}/bin/{fn}",
            config_path=remote_chatmail_inipath,
            remote_venv_dir=remote_venv_dir,
            mail_domain=mail_domain,
        )
        basename = fn if "." in fn else f"{fn}.service"
        source_path = get_resource(f"service/{basename}.f")
        content = source_path.read_text().format(**params).encode()
        deployer.put_file(
            src=io.BytesIO(content),
            dest=f"/etc/systemd/system/{basename}",
        )
 def activate_remote_units(deployer, units) -> None:
    # activate systemd units
    for fn in units:
        basename = fn if "." in fn else f"{fn}.service"
        if fn == "chatmail-expire" or fn == "chatmail-fsreport":
            # don't auto-start but let the corresponding timer trigger execution
            enabled = False
        else:
            enabled = True
        deployer.ensure_service(basename, running=enabled, enabled=enabled)
 class Deployment:
    def install(self, deployer):
        # optional 'required_users' contains a list of (user, group, secondary-group-list) tuples.
        # If the group is None, no group is created corresponding to that user.
        # If the secondary group list is not None, all listed groups are created as well.
        required_users = getattr(deployer, "required_users", [])
        for user, group, groups in required_users:
            if group is not None:
                server.group(
                    name="Create {} group".format(group), group=group, system=True
                )
            if groups is not None:
                for group2 in groups:
                    server.group(
                        name="Create {} group".format(group2), group=group2, system=True
                    )
            server.user(
                name="Create {} user".format(user),
                user=user,
                group=group,
                groups=groups,
                system=True,
            )
        deployer.install()
    def configure(self, deployer):
        deployer.configure()
    def activate(self, deployer):
        deployer.activate()
    def perform_stages(self, deployers):
        default_stages = "install,configure,activate"
        stages = os.getenv("CMDEPLOY_STAGES", default_stages).split(",")
        for stage in stages:
            for deployer in deployers:
                getattr(self, stage)(deployer)
 class Deployer:
    need_restart = False
    daemon_reload = False
    def install(self):
        pass
    def configure(self):
        pass
    def activate(self):
        pass
    def ensure_service(self, service, running=True, enabled=True):
        if running:
            verb = "Start and enable"
        else:
            verb = "Stop"
        systemd.service(
            name=f"{verb} {service}",
            service=service,
            running=running,
            enabled=enabled,
            restarted=self.need_restart if running else False,
            daemon_reload=self.daemon_reload,
        )
        self.daemon_reload = False
    def ensure_systemd_unit(self, src, **kwargs):
        dest_name = src.split("/")[-1].replace(".j2", "")
        dest = f"/etc/systemd/system/{dest_name}"
        if src.endswith(".j2"):
            return self.put_template(src, dest, **kwargs)
        return self.put_file(src, dest)
    def put_file(self, src, dest, mode="644"):
        if isinstance(src, str):
            src = get_resource(src)
        res = files.put(
            name=f"Upload {dest}",
            src=src,
            dest=dest,
            user="root",
            group="root",
            mode=mode,
        )
        return self._update_restart_signals(dest, res)
    def put_executable(self, src, dest):
        return self.put_file(src, dest, mode="755")
    def put_template(self, src, dest, owner="root", **kwargs):
        if isinstance(src, str):
            src = get_resource(src)
        res = files.template(
            name=f"Upload {dest}",
            src=src,
            dest=dest,
            user=owner,
            group=owner,
            mode="644",
            **kwargs,
        )
        return self._update_restart_signals(dest, res)
    def remove_file(self, dest):
        res = files.file(name=f"Remove {dest}", path=dest, present=False)
        return self._update_restart_signals(dest, res)
    def ensure_line(self, path, line, **kwargs):
        name = kwargs.pop("name", f"Ensure line in {path}")
        res = files.line(name=name, path=path, line=line, **kwargs)
        return self._update_restart_signals(path, res)
    def ensure_directory(self, path, owner="root", mode="755", **kwargs):
        name = kwargs.pop("name", f"Ensure directory {path}")
        res = files.directory(
            name=name,
            path=path,
            user=owner,
            group=owner,
            mode=mode,
            present=True,
            **kwargs,
        )
        return self._update_restart_signals(path, res)
    def remove_directory(self, path, **kwargs):
        name = kwargs.pop("name", f"Remove directory {path}")
        res = files.directory(name=name, path=path, present=False, **kwargs)
        return self._update_restart_signals(path, res)
    def download_executable(self, url, dest, sha256sum, extract=None):
        existing = host.get_fact(Sha256File, dest)
        if existing == sha256sum:
            return
        tmp = f"{dest}.new"
        if extract:
            dl_cmd = f"curl -fSL {url} | {extract} >{tmp}"
        else:
            dl_cmd = f"curl -fSL {url} -o {tmp}"
        server.shell(
            name=f"Download {dest}",
            commands=[
                f"({dl_cmd}"
                f" && echo '{sha256sum}  {tmp}' | sha256sum -c"
                f" && mv {tmp} {dest})",
                f"chmod 755 {dest}",
            ],
        )
        self.need_restart = True
    def _update_restart_signals(self, path, res):
        if res.changed:
            self.need_restart = True
            if str(path).startswith("/etc/systemd/system/"):
                self.daemon_reload = True
        return res
--- a/cmdeploy/src/cmdeploy/chatmail.zone.f
+++ b/cmdeploy/src/cmdeploy/chatmail.zone.f
@@ -0,0 +1,15 @@
 {chatmail_domain}.                   A     {ipv4}
 {chatmail_domain}.                   AAAA  {ipv6}
 {chatmail_domain}.                   MX 10 {chatmail_domain}.
 _submission._tcp.{chatmail_domain}.  SRV 0 1 587 {chatmail_domain}.
 _submissions._tcp.{chatmail_domain}. SRV 0 1 465 {chatmail_domain}.
 _imap._tcp.{chatmail_domain}.        SRV 0 1 143 {chatmail_domain}.
 _imaps._tcp.{chatmail_domain}.       SRV 0 1 993 {chatmail_domain}.
 {chatmail_domain}.                   CAA 128 issue "letsencrypt.org;accounturi={acme_account_url}"
 {chatmail_domain}.                   TXT "v=spf1 a:{chatmail_domain} -all"
 _dmarc.{chatmail_domain}.            TXT "v=DMARC1;p=reject;adkim=s;aspf=s"
 _mta-sts.{chatmail_domain}.          TXT "v=STSv1; id={sts_id}"
 mta-sts.{chatmail_domain}.           CNAME {chatmail_domain}.
 www.{chatmail_domain}.               CNAME {chatmail_domain}.
 {dkim_entry}
 _adsp._domainkey.{chatmail_domain}.  TXT "dkim=discardable"
--- a/cmdeploy/src/cmdeploy/cmdeploy.py
+++ b/cmdeploy/src/cmdeploy/cmdeploy.py
@@ -4,21 +4,19 @@ along with command line option and subcommand parsing.
 """
 import argparse
 import importlib.resources
 import os
 import pathlib
 import shutil
 import subprocess
 import importlib.resources
 import importlib.util
 import os
 import sys
 from pathlib import Path
 import pyinfra
 from chatmaild.config import read_config, write_initial_config
 from packaging import version
 from termcolor import colored
-from . import dns, remote
+from termcolor import colored
-from .sshexec import LocalExec, SSHExec
+from chatmaild.config import read_config, write_initial_config
 from cmdeploy.dns import show_dns, check_necessary_dns
 #
 # cmdeploy sub commands and options
@@ -31,30 +29,20 @@ def init_cmd_options(parser):
        action="store",
        help="fully qualified DNS domain name for your chatmail instance",
    )
    parser.add_argument(
        "--force",
        dest="recreate_ini",
        action="store_true",
        help="force reacreate ini file",
    )
 def init_cmd(args, out):
    """Initialize chatmail config file."""
    mail_domain = args.chatmail_domain
    inipath = args.inipath
    if args.inipath.exists():
-        if not args.recreate_ini:
+        print(f"Path exists, not modifying: {args.inipath}")
-            print(f"[WARNING] Path exists, not modifying: {inipath}")
+    else:
-            return 1
+        write_initial_config(args.inipath, mail_domain)
-        else:
+        out.green(f"created config file for {mail_domain} in {args.inipath}")
-            print(
+    check_necessary_dns(
-                f"[WARNING] Force argument was provided, deleting config file: {inipath}"
+        out,
-            )
+        mail_domain,
-            inipath.unlink()
+    )
    write_initial_config(inipath, mail_domain, overrides={})
    out.green(f"created config file for {mail_domain} in {inipath}")
 def run_cmd_options(parser):
@@ -64,121 +52,45 @@ def run_cmd_options(parser):
        action="store_true",
        help="don't actually modify the server",
    )
    parser.add_argument(
        "--disable-mail",
        dest="disable_mail",
        action="store_true",
        help="install/upgrade the server, but disable postfix & dovecot for now",
    )
    parser.add_argument(
        "--website-only",
        action="store_true",
        help="only update/deploy the website, skipping full server upgrade/deployment, useful when you only changed/updated the web pages and don't need to re-run a full server upgrade",
    )
    parser.add_argument(
        "--skip-dns-check",
        dest="dns_check_disabled",
        action="store_true",
        help="disable checks nslookup for dns",
    )
    add_ssh_host_option(parser)
 def run_cmd(args, out):
    """Deploy chatmail services on the remote server."""
-
+    mail_domain = args.config.mail_domain
-    ssh_host = args.ssh_host if args.ssh_host else args.config.mail_domain
+    if not check_necessary_dns(
-    sshexec = get_sshexec(ssh_host)
+        out,
-    require_iroh = args.config.enable_iroh_relay
+        mail_domain,
-    strict_tls = args.config.tls_cert_mode == "acme"
+    ):
-    if not args.dns_check_disabled:
+        sys.exit(1)
        remote_data = dns.get_initial_remote_data(sshexec, args.config.mail_domain)
        if not dns.check_initial_remote_data(remote_data, strict_tls=strict_tls, print=out.red):
            return 1
    env = os.environ.copy()
    env["CHATMAIL_INI"] = args.inipath
-    env["CHATMAIL_WEBSITE_ONLY"] = "True" if args.website_only else ""
+    deploy_path = importlib.resources.files(__package__).joinpath("deploy.py").resolve()
    env["CHATMAIL_DISABLE_MAIL"] = "True" if args.disable_mail else ""
    env["CHATMAIL_REQUIRE_IROH"] = "True" if require_iroh else ""
    deploy_path = importlib.resources.files(__package__).joinpath("run.py").resolve()
    pyinf = "pyinfra --dry" if args.dry_run else "pyinfra"
    cmd = f"{pyinf} --ssh-user root {args.config.mail_domain} {deploy_path}"
-    cmd = f"{pyinf} --ssh-user root {ssh_host} {deploy_path} -y"
+    out.check_call(cmd, env=env)
-    if ssh_host == "localhost":
+    print("Deploy completed, call `cmdeploy dns` next.")
        cmd = f"{pyinf} @local {deploy_path} -y"
    if version.parse(pyinfra.__version__) < version.parse("3"):
        out.red("Please re-run scripts/initenv.sh to update pyinfra to version 3.")
        return 1
    try:
        out.check_call(cmd, env=env)
        if args.website_only:
            out.green("Website deployment completed.")
        elif not args.dns_check_disabled and strict_tls and not remote_data["acme_account_url"]:
            out.red("Deploy completed but letsencrypt not configured")
            out.red("Run 'cmdeploy run' again")
        else:
            out.green("Deploy completed, call `cmdeploy dns` next.")
        return 0
    except subprocess.CalledProcessError:
        out.red("Deploy failed")
        return 1
 def dns_cmd_options(parser):
    parser.add_argument(
        "--zonefile",
        dest="zonefile",
-        type=pathlib.Path,
+        help="print the whole zonefile for deploying directly",
        default=None,
        help="write out a zonefile",
    )
    add_ssh_host_option(parser)
 def dns_cmd(args, out):
-    """Check DNS entries and optionally generate dns zone file."""
+    """Generate dns zone file."""
-    ssh_host = args.ssh_host if args.ssh_host else args.config.mail_domain
+    exit_code = show_dns(args, out)
-    sshexec = get_sshexec(ssh_host, verbose=args.verbose)
+    exit(exit_code)
    tls_cert_mode = args.config.tls_cert_mode
    strict_tls = tls_cert_mode == "acme"
    remote_data = dns.get_initial_remote_data(sshexec, args.config.mail_domain)
    if not dns.check_initial_remote_data(remote_data, strict_tls=strict_tls):
        return 1
    if strict_tls and not remote_data["acme_account_url"]:
        out.red("could not get letsencrypt account url, please run 'cmdeploy run'")
        return 1
    if not remote_data["dkim_entry"]:
        out.red("could not determine dkim_entry, please run 'cmdeploy run'")
        return 1
    remote_data["strict_tls"] = strict_tls
    zonefile = dns.get_filled_zone_file(remote_data)
    if args.zonefile:
        args.zonefile.write_text(zonefile)
        out.green(f"DNS records successfully written to: {args.zonefile}")
        return 0
    retcode = dns.check_full_zone(
        sshexec, remote_data=remote_data, zonefile=zonefile, out=out
    )
    return retcode
 def status_cmd_options(parser):
    add_ssh_host_option(parser)
 def status_cmd(args, out):
    """Display status for online chatmail instance."""
-    ssh_host = args.ssh_host if args.ssh_host else args.config.mail_domain
+    ssh = f"ssh root@{args.config.mail_domain}"
    sshexec = get_sshexec(ssh_host, verbose=args.verbose)
    out.green(f"chatmail domain: {args.config.mail_domain}")
    if args.config.privacy_mail:
@@ -186,21 +98,30 @@ def status_cmd(args, out):
    else:
        out.red("no privacy settings")
-    for line in sshexec(remote.rshell.get_systemd_running):
+    s1 = "systemctl --type=service --state=running"
-        print(line)
+    for line in out.shell_output(f"{ssh} -- {s1}").split("\n"):
        if line.startswith("  "):
            print(line)
 def test_cmd_options(parser):
-    add_ssh_host_option(parser)
+    parser.add_argument(
        "--slow",
        dest="slow",
        action="store_true",
        help="also run slow tests",
    )
 def test_cmd(args, out):
-    """Run local and online tests for chatmail deployment."""
+    """Run local and online tests for chatmail deployment.
-    env = os.environ.copy()
+    This will automatically pip-install 'deltachat' if it's not available.
-    env["CHATMAIL_INI"] = str(args.inipath.absolute())
+    """
-    if args.ssh_host:
+
-        env["CHATMAIL_SSH"] = args.ssh_host
+    x = importlib.util.find_spec("deltachat")
    if x is None:
        out.check_call(f"{sys.executable} -m pip install deltachat")
    pytest_path = shutil.which("pytest")
    pytest_args = [
@@ -209,14 +130,24 @@ def test_cmd(args, out):
        "-n4",
        "-rs",
        "-x",
-        "-v",
+        "-vrx",
        "--durations=5",
    ]
-    ret = out.run_ret(pytest_args, env=env)
+    if args.slow:
        pytest_args.append("--slow")
    ret = out.run_ret(pytest_args)
    return ret
 def fmt_cmd_options(parser):
    parser.add_argument(
        "--verbose",
        "-v",
        dest="verbose",
        action="store_true",
        help="provide information on invocations",
    )
    parser.add_argument(
        "--check",
        "-c",
@@ -226,31 +157,27 @@ def fmt_cmd_options(parser):
 def fmt_cmd(args, out):
-    """Run formattting fixes on all chatmail source code."""
+    """Run formattting fixes (ruff and black) on all chatmail source code."""
-    chatmaild_dir = importlib.resources.files("chatmaild").resolve()
+    sources = [str(importlib.resources.files(x)) for x in ("chatmaild", "cmdeploy")]
-    cmdeploy_dir = chatmaild_dir.joinpath(
+    black_args = [shutil.which("black")]
-        "..", "..", "..", "cmdeploy", "src", "cmdeploy"
+    ruff_args = [shutil.which("ruff")]
    ).resolve()
    sources = [str(chatmaild_dir), str(cmdeploy_dir)]
    format_args = [shutil.which("ruff"), "format"]
    check_args = [shutil.which("ruff"), "check"]
    if args.check:
-        format_args.append("--diff")
+        black_args.append("--check")
    else:
-        check_args.append("--fix")
+        ruff_args.append("--fix")
    if not args.verbose:
-        check_args.append("--quiet")
+        black_args.append("-q")
-        format_args.append("--quiet")
+        ruff_args.append("-q")
-    format_args.extend(sources)
+    black_args.extend(sources)
-    check_args.extend(sources)
+    ruff_args.extend(sources)
-    out.check_call(" ".join(format_args), quiet=not args.verbose)
+    out.check_call(" ".join(black_args), quiet=not args.verbose)
-    out.check_call(" ".join(check_args), quiet=not args.verbose)
+    out.check_call(" ".join(ruff_args), quiet=not args.verbose)
    return 0
 def bench_cmd(args, out):
@@ -286,6 +213,16 @@ class Out:
        color = "red" if red else ("green" if green else None)
        print(colored(msg, color), file=file)
    def shell_output(self, arg, no_print=False, timeout=10):
        if not no_print:
            self(f"[$ {arg}]", file=sys.stderr)
            output = subprocess.STDOUT
        else:
            output = subprocess.DEVNULL
        return subprocess.check_output(
            arg, shell=True, timeout=timeout, stderr=output
        ).decode()
    def check_call(self, arg, env=None, quiet=False):
        if not quiet:
            self(f"[$ {arg}]", file=sys.stderr)
@@ -295,36 +232,19 @@ class Out:
        if not quiet:
            cmdstring = " ".join(args)
            self(f"[$ {cmdstring}]", file=sys.stderr)
-        proc = subprocess.run(args, env=env, check=False)
+        proc = subprocess.run(args, env=env)
        return proc.returncode
 def add_ssh_host_option(parser):
    parser.add_argument(
        "--ssh-host",
        dest="ssh_host",
        help="Run commands on 'localhost' or on a specific SSH host "
        "instead of chatmail.ini's mail_domain.",
    )
 def add_config_option(parser):
    parser.add_argument(
        "--config",
        dest="inipath",
        action="store",
-        default=Path(os.environ.get("CHATMAIL_INI", "chatmail.ini")),
+        default=Path("chatmail.ini"),
        type=Path,
        help="path to the chatmail.ini file",
    )
    parser.add_argument(
        "--verbose",
        "-v",
        dest="verbose",
        action="store_true",
        default=False,
        help="provide verbose logging",
    )
 def add_subcommand(subparsers, func):
@@ -363,21 +283,12 @@ def get_parser():
    return parser
 def get_sshexec(ssh_host: str, verbose=True):
    if ssh_host in ["localhost", "@local"]:
        return LocalExec(verbose)
    if verbose:
        print(f"[ssh] login to {ssh_host}")
    return SSHExec(ssh_host, verbose=verbose)
 def main(args=None):
-    """Provide main entry point for 'cmdeploy' CLI invocation."""
+    """Provide main entry point for 'xdcget' CLI invocation."""
    parser = get_parser()
    args = parser.parse_args(args=args)
    if not hasattr(args, "func"):
        return parser.parse_args(["-h"])
    out = Out()
    kwargs = {}
    if args.func.__name__ not in ("init_cmd", "fmt_cmd"):
@@ -395,6 +306,7 @@ def main(args=None):
        if res is None:
            res = 0
        return res
    except KeyboardInterrupt:
        out.red("KeyboardInterrupt")
        sys.exit(130)
--- a/cmdeploy/src/cmdeploy/deploy.py
+++ b/cmdeploy/src/cmdeploy/deploy.py
@@ -0,0 +1,17 @@
 import os
 import importlib.resources
 import pyinfra
 from cmdeploy import deploy_chatmail
 def main():
    config_path = os.getenv(
        "CHATMAIL_INI",
        importlib.resources.files("cmdeploy").joinpath("../../../chatmail.ini"),
    )
    deploy_chatmail(config_path)
 if pyinfra.is_cli:
    main()
--- a/cmdeploy/src/cmdeploy/deployers.py
+++ b/cmdeploy/src/cmdeploy/deployers.py
@@ -1,555 +0,0 @@
 """
 Chat Mail pyinfra deploy.
 """
 import shutil
 import subprocess
 import sys
 from io import BytesIO, StringIO
 from pathlib import Path
 from chatmaild.config import read_config
 from pyinfra import facts, host, logger
 from pyinfra.api import FactBase
 from pyinfra.facts import hardware
 from pyinfra.facts.systemd import SystemdEnabled
 from pyinfra.operations import apt, files, pip, server, systemd
 from cmdeploy.cmdeploy import Out
 from .acmetool import AcmetoolDeployer
 from .basedeploy import (
    Deployer,
    Deployment,
    activate_remote_units,
    blocked_service_startup,
    configure_remote_units,
    has_systemd,
    is_in_container,
 )
 from .dovecot.deployer import DovecotDeployer
 from .external.deployer import ExternalTlsDeployer
 from .filtermail.deployer import FiltermailDeployer
 from .mtail.deployer import MtailDeployer
 from .nginx.deployer import NginxDeployer
 from .opendkim.deployer import OpendkimDeployer
 from .postfix.deployer import PostfixDeployer
 from .selfsigned.deployer import SelfSignedTlsDeployer
 from .www import build_webpages, find_merge_conflict, get_paths
 class Port(FactBase):
    """
    Returns the process occupying a port.
    """
    def command(self, port: int) -> str:
        return (
            "ss -lptn 'src :%d' | awk 'NR>1 {print $6,$7}' | sed 's/users:((\"//;s/\".*//'"
            % (port,)
        )
    def process(self, output: [str]) -> str:
        return output[0]
 def _build_chatmaild(dist_dir) -> None:
    dist_dir = Path(dist_dir).resolve()
    if dist_dir.exists():
        shutil.rmtree(dist_dir)
    dist_dir.mkdir()
    subprocess.check_output(
        [sys.executable, "-m", "build", "-n"]
        + ["--sdist", "chatmaild", "--outdir", str(dist_dir)]
    )
    entries = list(dist_dir.iterdir())
    assert len(entries) == 1
    return entries[0]
 def remove_legacy_artifacts():
    if not has_systemd():
        return
    # disable legacy doveauth-dictproxy.service
    if host.get_fact(SystemdEnabled).get("doveauth-dictproxy.service"):
        systemd.service(
            name="Disable legacy doveauth-dictproxy.service",
            service="doveauth-dictproxy.service",
            running=False,
            enabled=False,
        )
 def _install_remote_venv_with_chatmaild(deployer) -> None:
    remove_legacy_artifacts()
    dist_file = _build_chatmaild(dist_dir=Path("chatmaild/dist"))
    remote_base_dir = "/usr/local/lib/chatmaild"
    remote_dist_file = f"{remote_base_dir}/dist/{dist_file.name}"
    remote_venv_dir = f"{remote_base_dir}/venv"
    apt.packages(
        name="apt install python3-virtualenv",
        packages=["python3-virtualenv"],
    )
    deployer.ensure_directory(f"{remote_base_dir}/dist")
    deployer.put_file(
        src=dist_file.open("rb"),
        dest=remote_dist_file,
    )
    pip.virtualenv(
        name=f"chatmaild virtualenv {remote_venv_dir}",
        path=remote_venv_dir,
        always_copy=True,
    )
    apt.packages(
        name="install gcc and headers to build crypt_r source package",
        packages=["gcc", "python3-dev"],
    )
    server.shell(
        name=f"forced pip-install {dist_file.name}",
        commands=[
            f"{remote_venv_dir}/bin/pip install --force-reinstall {remote_dist_file}"
        ],
    )
 def _configure_remote_venv_with_chatmaild(deployer, config) -> None:
    remote_base_dir = "/usr/local/lib/chatmaild"
    remote_chatmail_inipath = f"{remote_base_dir}/chatmail.ini"
    deployer.put_file(
        src=config._getbytefile(),
        dest=remote_chatmail_inipath,
    )
    deployer.remove_file("/etc/cron.d/chatmail-metrics")
    deployer.remove_file("/var/www/html/metrics")
 class UnboundDeployer(Deployer):
    def __init__(self, config):
        self.config = config
    def install(self):
        # On an IPv4-only system, if unbound is started but not configured,
        # it causes subsequent steps to fail to resolve hosts.
        with blocked_service_startup():
            apt.packages(
                name="Install unbound",
                packages=["unbound", "unbound-anchor", "dnsutils"],
            )
    def configure(self):
        # Remove dynamic resolver managers that compete for /etc/resolv.conf.
        apt.packages(
            name="Purge resolvconf",
            packages=["resolvconf"],
            present=False,
            extra_uninstall_args="--purge",
        )
        # systemd-resolved can't be purged due to dependencies; stop and mask.
        server.shell(
            name="Stop and mask systemd-resolved",
            commands=[
                "systemctl stop systemd-resolved.service || true",
                "systemctl mask systemd-resolved.service",
            ],
        )
        # Configure unbound resolver with Quad9 fallback and a trailing newline
        # (SolusVM bug).
        self.put_file(
            src=BytesIO(b"nameserver 127.0.0.1\nnameserver 9.9.9.9\n"),
            dest="/etc/resolv.conf",
        )
        server.shell(
            name="Generate root keys for validating DNSSEC",
            commands=[
                "unbound-anchor -a /var/lib/unbound/root.key || true",
            ],
        )
        if self.config.disable_ipv6:
            self.ensure_directory(
                path="/etc/unbound/unbound.conf.d",
            )
            self.put_template(
                "unbound/unbound.conf.j2",
                "/etc/unbound/unbound.conf.d/chatmail.conf",
            )
        else:
            self.remove_file("/etc/unbound/unbound.conf.d/chatmail.conf")
    def activate(self):
        server.shell(
            name="Generate root keys for validating DNSSEC",
            commands=[
                "systemctl reset-failed unbound.service",
            ],
        )
        self.ensure_service("unbound.service")
        self.ensure_service(
            "unbound-resolvconf.service",
            running=False,
            enabled=False,
        )
 class MtastsDeployer(Deployer):
    def configure(self):
        # Remove configuration.
        self.remove_file("/etc/mta-sts-daemon.yml")
        self.remove_directory("/usr/local/lib/postfix-mta-sts-resolver")
        self.remove_file("/etc/systemd/system/mta-sts-daemon.service")
    def activate(self):
        self.ensure_service(
            "mta-sts-daemon.service",
            running=False,
            enabled=False,
        )
 class WebsiteDeployer(Deployer):
    def __init__(self, config):
        self.config = config
    def install(self):
        self.ensure_directory("/var/www")
    def configure(self):
        www_path, src_dir, build_dir = get_paths(self.config)
        # if www_folder was set to a non-existing folder, skip upload
        if not www_path.is_dir():
            logger.warning("Building web pages is disabled in chatmail.ini, skipping")
        elif (path := find_merge_conflict(src_dir)) is not None:
            logger.warning(
                f"Merge conflict found in {path}, skipping website deployment. Fix merge conflict if you want to upload your web page."
            )
        else:
            # if www_folder is a hugo page, build it
            if build_dir:
                www_path = build_webpages(src_dir, build_dir, self.config)
                if www_path is None:
                    logger.warning("Web page build failed, skipping website deployment")
                    return
            # if it is not a hugo page, upload it as is
            files.rsync(
                f"{www_path}/", "/var/www/html", flags=["-avz", "--chown=www-data"]
            )
 class LegacyRemoveDeployer(Deployer):
    def install(self):
        apt.packages(name="Remove rspamd", packages="rspamd", present=False)
        # remove historic expunge script
        # which is now implemented through a systemd timer (chatmail-expire)
        self.remove_file("/etc/cron.d/expunge")
        # Remove OBS repository key that is no longer used.
        self.remove_file("/etc/apt/keyrings/obs-home-deltachat.gpg")
        self.ensure_line(
            path="/etc/apt/sources.list",
            line="deb [signed-by=/etc/apt/keyrings/obs-home-deltachat.gpg] https://download.opensuse.org/repositories/home:/deltachat/Debian_12/ ./",
            escape_regex_characters=True,
            present=False,
        )
        # prior relay versions used filelogging
        self.remove_directory("/var/log/journal/")
        # remove echobot if it is still running
        if has_systemd() and host.get_fact(SystemdEnabled).get("echobot.service"):
            systemd.service(
                name="Disable echobot.service",
                service="echobot.service",
                running=False,
                enabled=False,
            )
 def check_config(config):
    mail_domain = config.mail_domain
    if mail_domain != "testrun.org" and not mail_domain.endswith(".testrun.org"):
        blocked_words = "merlinux schmieder testrun.org".split()
        for key in config.__dict__:
            value = config.__dict__[key]
            if key.startswith("privacy") and any(
                x in str(value) for x in blocked_words
            ):
                raise ValueError(
                    f"please set your own privacy contacts/addresses in {config._inipath}"
                )
    return config
 class TurnDeployer(Deployer):
    def __init__(self, mail_domain):
        self.mail_domain = mail_domain
        self.units = ["turnserver"]
    def install(self):
        (url, sha256sum) = {
            "x86_64": (
                "https://github.com/chatmail/chatmail-turn/releases/download/v0.4/chatmail-turn-x86_64-linux",
                "1ec1f5c50122165e858a5a91bcba9037a28aa8cb8b64b8db570aa457c6141a8a",
            ),
            "aarch64": (
                "https://github.com/chatmail/chatmail-turn/releases/download/v0.4/chatmail-turn-aarch64-linux",
                "0fb3e792419494e21ecad536464929dba706bb2c88884ed8f1788141d26fc756",
            ),
        }[host.get_fact(facts.server.Arch)]
        self.download_executable(url, "/usr/local/bin/chatmail-turn", sha256sum)
    def configure(self):
        configure_remote_units(self, self.mail_domain, self.units)
    def activate(self):
        activate_remote_units(self, self.units)
 class IrohDeployer(Deployer):
    def __init__(self, enable_iroh_relay):
        self.enable_iroh_relay = enable_iroh_relay
    def install(self):
        (url, sha256sum) = {
            "x86_64": (
                "https://github.com/n0-computer/iroh/releases/download/v0.35.0/iroh-relay-v0.35.0-x86_64-unknown-linux-musl.tar.gz",
                "45c81199dbd70f8c4c30fef7f3b9727ca6e3cea8f2831333eeaf8aa71bf0fac1",
            ),
            "aarch64": (
                "https://github.com/n0-computer/iroh/releases/download/v0.35.0/iroh-relay-v0.35.0-aarch64-unknown-linux-musl.tar.gz",
                "f8ef27631fac213b3ef668d02acd5b3e215292746a3fc71d90c63115446008b1",
            ),
        }[host.get_fact(facts.server.Arch)]
        self.download_executable(
            url,
            "/usr/local/bin/iroh-relay",
            sha256sum,
            extract="gunzip | tar -xf - ./iroh-relay -O",
        )
    def configure(self):
        self.ensure_systemd_unit("iroh-relay.service")
        self.put_file("iroh-relay.toml", "/etc/iroh-relay.toml")
    def activate(self):
        self.ensure_service(
            "iroh-relay.service",
            enabled=self.enable_iroh_relay,
        )
 class JournaldDeployer(Deployer):
    def configure(self):
        self.put_file("journald.conf", "/etc/systemd/journald.conf")
    def activate(self):
        self.ensure_service("systemd-journald.service")
 class ChatmailVenvDeployer(Deployer):
    def __init__(self, config):
        self.config = config
        self.units = (
            "chatmail-metadata",
            "lastlogin",
            "chatmail-expire",
            "chatmail-expire.timer",
            "chatmail-fsreport",
            "chatmail-fsreport.timer",
        )
    def install(self):
        _install_remote_venv_with_chatmaild(self)
    def configure(self):
        _configure_remote_venv_with_chatmaild(self, self.config)
        configure_remote_units(self, self.config.mail_domain, self.units)
    def activate(self):
        activate_remote_units(self, self.units)
 class ChatmailDeployer(Deployer):
    required_users = [
        ("vmail", "vmail", None),
        ("iroh", None, None),
    ]
    def __init__(self, config):
        self.config = config
        self.mail_domain = config.mail_domain
    def install(self):
        self.put_file(
            src=BytesIO(b'APT::Install-Recommends "false";\n'),
            dest="/etc/apt/apt.conf.d/00InstallRecommends",
        )
        apt.update(name="apt update", cache_time=24 * 3600)
        apt.upgrade(name="upgrade apt packages", auto_remove=True)
        apt.packages(
            name="Install curl",
            packages=["curl"],
        )
        apt.packages(
            name="Install rsync",
            packages=["rsync"],
        )
    def configure(self):
        # metadata crashes if the mailboxes dir does not exist
        self.ensure_directory(
            str(self.config.mailboxes_dir),
            owner="vmail",
            mode="700",
        )
        # This file is used by auth proxy.
        # https://wiki.debian.org/EtcMailName
        server.shell(
            name="Setup /etc/mailname",
            commands=[
                f"echo {self.mail_domain} >/etc/mailname; chmod 644 /etc/mailname"
            ],
        )
 class FcgiwrapDeployer(Deployer):
    def install(self):
        apt.packages(
            name="Install fcgiwrap",
            packages=["fcgiwrap"],
        )
    def activate(self):
        self.ensure_service("fcgiwrap.service")
 class GithashDeployer(Deployer):
    def activate(self):
        try:
            git_hash = subprocess.check_output(["git", "rev-parse", "HEAD"]).decode()
        except Exception:
            git_hash = "unknown\n"
        try:
            git_diff = subprocess.check_output(["git", "diff"]).decode()
        except Exception:
            git_diff = ""
        self.put_file(src=StringIO(git_hash + git_diff), dest="/etc/chatmail-version")
 def get_tls_deployer(config, mail_domain):
    """Select the appropriate TLS deployer based on config."""
    tls_domains = [mail_domain, f"mta-sts.{mail_domain}", f"www.{mail_domain}"]
    if config.tls_cert_mode == "acme":
        return AcmetoolDeployer(config.acme_email, tls_domains)
    elif config.tls_cert_mode == "self":
        return SelfSignedTlsDeployer(mail_domain)
    elif config.tls_cert_mode == "external":
        return ExternalTlsDeployer(config.tls_cert_path, config.tls_key_path)
    else:
        raise ValueError(f"Unknown tls_cert_mode: {config.tls_cert_mode}")
 def deploy_chatmail(config_path: Path, disable_mail: bool, website_only: bool) -> None:
    """Deploy a chat-mail instance.
    :param config_path: path to chatmail.ini
    :param disable_mail: whether to disable postfix & dovecot
    :param website_only: if True, only deploy the website
    """
    config = read_config(config_path)
    check_config(config)
    mail_domain = config.mail_domain
    if website_only:
        Deployment().perform_stages([WebsiteDeployer(config)])
        return
    # Check if mtail_address interface is available (if configured)
    if config.mtail_address and config.mtail_address not in (
        "127.0.0.1",
        "::1",
        "localhost",
    ):
        ipv4_addrs = host.get_fact(hardware.Ipv4Addrs)
        all_addresses = [addr for addrs in ipv4_addrs.values() for addr in addrs]
        if config.mtail_address not in all_addresses:
            Out().red(
                f"Deploy failed: mtail_address {config.mtail_address} is not available (VPN up?).\n"
            )
            exit(1)
    if not is_in_container():
        port_services = [
            (["master", "smtpd"], 25),
            ("unbound", 53),
        ]
        if config.tls_cert_mode == "acme":
            port_services.append(("acmetool", 402))
        port_services += [
            (["imap-login", "dovecot"], 143),
            # acmetool previously listened on port 80,
            # so don't complain during upgrade that moved it to port 402
            # and gave the port to nginx.
            (["acmetool", "nginx"], 80),
            ("nginx", 443),
            (["master", "smtpd"], 465),
            (["master", "smtpd"], 587),
            (["imap-login", "dovecot"], 993),
            ("iroh-relay", 3340),
            ("mtail", 3903),
            ("stats", 3904),
            ("nginx", 8443),
            (["master", "smtpd"], config.postfix_reinject_port),
            (["master", "smtpd"], config.postfix_reinject_port_incoming),
            ("filtermail", config.filtermail_smtp_port),
            ("filtermail", config.filtermail_smtp_port_incoming),
        ]
        for service, port in port_services:
            print(f"Checking if port {port} is available for {service}...")
            running_service = host.get_fact(Port, port=port)
            services = [service] if isinstance(service, str) else service
            if running_service:
                if running_service not in services:
                    Out().red(
                        f"Deploy failed: port {port} is occupied by: {running_service}"
                    )
                    exit(1)
    tls_deployer = get_tls_deployer(config, mail_domain)
    all_deployers = [
        ChatmailDeployer(config),
        LegacyRemoveDeployer(),
        FiltermailDeployer(),
        JournaldDeployer(),
        UnboundDeployer(config),
        TurnDeployer(mail_domain),
        IrohDeployer(config.enable_iroh_relay),
        tls_deployer,
        WebsiteDeployer(config),
        ChatmailVenvDeployer(config),
        MtastsDeployer(),
        OpendkimDeployer(mail_domain),
        # Dovecot should be started before Postfix
        # because it creates authentication socket
        # required by Postfix.
        DovecotDeployer(config, disable_mail),
        PostfixDeployer(config, disable_mail),
        FcgiwrapDeployer(),
        NginxDeployer(config),
        MtailDeployer(config.mtail_address),
        GithashDeployer(),
    ]
    Deployment().perform_stages(all_deployers)
--- a/cmdeploy/src/cmdeploy/dns.py
+++ b/cmdeploy/src/cmdeploy/dns.py
@@ -1,109 +1,205 @@
 import sys
 import requests
 import importlib
 import subprocess
 import datetime
-from . import remote
+from typing import Optional
-def parse_zone_records(text):
+class DNS:
-    """Yield ``(name, ttl, rtype, rdata)`` from standard BIND-format text."""
+    def __init__(self, out, mail_domain):
-    for raw_line in text.splitlines():
+        self.session = requests.Session()
-        line = raw_line.strip()
+        self.out = out
-        if not line or line.startswith(";"):
+        self.ssh = f"ssh root@{mail_domain} -- "
            continue
        try:
-            name, ttl, _in, rtype, rdata = line.split(None, 4)
+            self.shell(f"unbound-control flush_zone {mail_domain}")
-        except ValueError:
+        except subprocess.CalledProcessError:
-            raise ValueError(f"Bad zone record line: {line!r}") from None
+            pass
-        name = name.rstrip(".")
+
-        yield name, ttl, rtype.upper(), rdata
+    def shell(self, cmd):
        try:
            return self.out.shell_output(f"{self.ssh}{cmd}", no_print=True)
        except (subprocess.CalledProcessError, subprocess.TimeoutExpired) as e:
            if "exit status 255" in str(e) or "timed out" in str(e):
                self.out.red(f"Error: can't reach the server with: {self.ssh[:-4]}")
                sys.exit(1)
            else:
                raise
    def get_ipv4(self):
        cmd = "ip a | grep 'inet ' | grep 'scope global' | grep -oE '[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}' | head -1"
        return self.shell(cmd).strip()
    def get_ipv6(self):
        cmd = "ip a | grep inet6 | grep 'scope global' | sed -e 's#/64 scope global##' | sed -e 's#inet6##'"
        return self.shell(cmd).strip()
    def get(self, typ: str, domain: str) -> str:
        """Get a DNS entry or empty string if there is none."""
        dig_result = self.shell(f"dig -r -q {domain} -t {typ} +short")
        line = dig_result.partition("\n")[0]
        return line
    def check_ptr_record(self, ip: str, mail_domain) -> bool:
        """Check the PTR record for an IPv4 or IPv6 address."""
        result = self.shell(f"dig -r -x {ip} +short").rstrip()
        return result == f"{mail_domain}."
-def get_initial_remote_data(sshexec, mail_domain):
+def show_dns(args, out) -> int:
-    return sshexec.logged(
+    """Check existing DNS records, optionally write them to zone file, return exit code 0 or 1."""
-        call=remote.rdns.perform_initial_checks, kwargs=dict(mail_domain=mail_domain)
+    template = importlib.resources.files(__package__).joinpath("chatmail.zone.f")
    mail_domain = args.config.mail_domain
    ssh = f"ssh root@{mail_domain}"
    dns = DNS(out, mail_domain)
    print("Checking your DKIM keys and DNS entries...")
    try:
        acme_account_url = out.shell_output(f"{ssh} -- acmetool account-url")
    except subprocess.CalledProcessError:
        print("Please run `cmdeploy run` first.")
        return 1
    dkim_selector = "opendkim"
    dkim_pubkey = out.shell_output(
        ssh + f" -- openssl rsa -in /etc/dkimkeys/{dkim_selector}.private"
        " -pubout 2>/dev/null | awk '/-/{next}{printf(\"%s\",$0)}'"
    )
    dkim_entry_value = f"v=DKIM1;k=rsa;p={dkim_pubkey};s=email;t=s"
    dkim_entry_str = ""
    while len(dkim_entry_value) >= 255:
        dkim_entry_str += '"' + dkim_entry_value[:255] + '" '
        dkim_entry_value = dkim_entry_value[255:]
    dkim_entry_str += '"' + dkim_entry_value + '"'
    dkim_entry = f"{dkim_selector}._domainkey.{mail_domain}. TXT {dkim_entry_str}"
    ipv6 = dns.get_ipv6()
    reverse_ipv6 = dns.check_ptr_record(ipv6, mail_domain)
    ipv4 = dns.get_ipv4()
    reverse_ipv4 = dns.check_ptr_record(ipv4, mail_domain)
    to_print = []
-def check_initial_remote_data(remote_data, *, strict_tls=True, print=print):
+    with open(template, "r") as f:
-    mail_domain = remote_data["mail_domain"]
+        zonefile = (
-    if not remote_data["A"] and not remote_data["AAAA"]:
+            f.read()
-        print(f"Missing A and/or AAAA DNS records for {mail_domain}!")
+            .format(
-    elif strict_tls and remote_data["MTA_STS"] != f"{mail_domain}.":
+                acme_account_url=acme_account_url,
-        print("Missing MTA-STS CNAME record:")
+                sts_id=datetime.datetime.now().strftime("%Y%m%d%H%M"),
-        print(f"mta-sts.{mail_domain}.   CNAME  {mail_domain}.")
+                chatmail_domain=args.config.mail_domain,
-    elif strict_tls and remote_data["WWW"] != f"{mail_domain}.":
+                dkim_entry=dkim_entry,
-        print("Missing www CNAME record:")
+                ipv6=ipv6,
-        print(f"www.{mail_domain}.   CNAME  {mail_domain}.")
+                ipv4=ipv4,
            )
            .strip()
        )
        try:
            with open(args.zonefile, "w+") as zf:
                zf.write(zonefile)
                print(f"DNS records successfully written to: {args.zonefile}")
            return 0
        except TypeError:
            pass
        for line in zonefile.splitlines():
            line = line.format(
                acme_account_url=acme_account_url,
                sts_id=datetime.datetime.now().strftime("%Y%m%d%H%M"),
                chatmail_domain=args.config.mail_domain,
                dkim_entry=dkim_entry,
                ipv6=ipv6,
            ).strip()
            for typ in ["A", "AAAA", "CNAME", "CAA"]:
                if f" {typ} " in line:
                    domain, value = line.split(f" {typ} ")
                    current = dns.get(typ, domain.strip()[:-1])
                    if current != value.strip():
                        to_print.append(line)
            if " MX " in line:
                domain, typ, prio, value = line.split()
                current = dns.get(typ, domain[:-1])
                if not current:
                    to_print.append(line)
                elif current.split()[1] != value:
                    print(line.replace(prio, str(int(current[0]) + 1)))
            if " SRV " in line:
                domain, typ, prio, weight, port, value = line.split()
                current = dns.get("SRV", domain[:-1])
                if current != f"{prio} {weight} {port} {value}":
                    to_print.append(line)
            if " TXT " in line:
                domain, value = line.split(" TXT ")
                current = dns.get("TXT", domain.strip()[:-1])
                if domain.startswith("_mta-sts."):
                    if current:
                        if current.split("id=")[0] == value.split("id=")[0]:
                            continue
                # TXT records longer than 255 bytes
                # are split into multiple <character-string>s.
                # This typically happens with DKIM record
                # which contains long RSA key.
                #
                # Removing `" "` before comparison
                # to get back a single string.
                if current.replace('" "', "") != value.replace('" "', ""):
                    to_print.append(line)
    exit_code = 0
    if to_print:
        to_print.insert(
            0, "You should configure the following DNS entries at your provider:\n"
        )
        to_print.append(
            "\nIf you already configured the DNS entries, wait a bit until the DNS entries propagate to the Internet."
        )
        print("\n".join(to_print))
        exit_code = 1
    else:
-        return remote_data
+        out.green("Great! All your DNS entries are correct.")
-
+    to_print = []
-def get_filled_zone_file(remote_data):
+    if not reverse_ipv4:
-    sts_id = remote_data.get("sts_id")
+        to_print.append(f"\tIPv4:\t{ipv4}\t{args.config.mail_domain}")
-    if not sts_id:
+    if not reverse_ipv6:
-        remote_data["sts_id"] = datetime.datetime.now().strftime("%Y%m%d%H%M")
+        to_print.append(f"\tIPv6:\t{ipv6}\t{args.config.mail_domain}")
-
+    if len(to_print) > 0:
-    d = remote_data["mail_domain"]
+        if len(to_print) == 1:
-
+            warning = "You should add the following PTR/reverse DNS entry:"
-    def append_record(name, rtype, rdata, ttl=3600):
+        else:
-        lines.append(f"{name:<40} {ttl:<6} IN  {rtype:<5}  {rdata}")
+            warning = "You should add the following PTR/reverse DNS entries:"
-
+        out.red(warning)
-    lines = ["; Required DNS entries"]
+        for entry in to_print:
-    if remote_data.get("A"):
+            print(entry)
-        append_record(f"{d}.", "A", remote_data["A"])
+        print(
-    if remote_data.get("AAAA"):
+            "You can do so at your hosting provider (maybe this isn't your DNS provider)."
        append_record(f"{d}.", "AAAA", remote_data["AAAA"])
    append_record(f"{d}.", "MX", f"10 {d}.")
    if remote_data.get("strict_tls"):
        append_record(f"_mta-sts.{d}.", "TXT", f'"v=STSv1; id={remote_data["sts_id"]}"')
        append_record(f"mta-sts.{d}.", "CNAME", f"{d}.")
    append_record(f"www.{d}.", "CNAME", f"{d}.")
    lines.append(remote_data["dkim_entry"])
    lines.append("")
    lines.append("; Recommended DNS entries")
    append_record(f"{d}.", "TXT", '"v=spf1 a ~all"')
    append_record(f"_dmarc.{d}.", "TXT", '"v=DMARC1;p=reject;adkim=s;aspf=s"')
    if remote_data.get("acme_account_url"):
        append_record(
            f"{d}.",
            "CAA",
            f'0 issue "letsencrypt.org;accounturi={remote_data["acme_account_url"]}"',
        )
-    append_record(f"_adsp._domainkey.{d}.", "TXT", '"dkim=discardable"')
+        exit_code = 1
-    append_record(f"_submission._tcp.{d}.", "SRV", f"0 1 587 {d}.")
+    return exit_code
    append_record(f"_submissions._tcp.{d}.", "SRV", f"0 1 465 {d}.")
    append_record(f"_imap._tcp.{d}.", "SRV", f"0 1 143 {d}.")
    append_record(f"_imaps._tcp.{d}.", "SRV", f"0 1 993 {d}.")
    lines.append("")
    return "\n".join(lines)
-def check_full_zone(sshexec, remote_data, out, zonefile) -> int:
+def check_necessary_dns(out, mail_domain):
-    """Check existing DNS records, optionally write them to zone file
+    """Check whether $mail_domain and mta-sts.$mail_domain resolve."""
-    and return (exitcode, remote_data) tuple."""
+    dns = DNS(out, mail_domain)
-
+    ipv4 = dns.get("A", mail_domain)
-    required_diff, recommended_diff = sshexec.logged(
+    ipv6 = dns.get("AAAA", mail_domain)
-        remote.rdns.check_zonefile,
+    mta_entry = dns.get("CNAME", "mta-sts." + mail_domain)
-        kwargs=dict(zonefile=zonefile, verbose=False),
+    www_entry = dns.get("CNAME", "www." + mail_domain)
-    )
+    to_print = []
-
+    if not (ipv4 or ipv6):
-    returncode = 0
+        to_print.append(f"\t{mail_domain}.\t\t\tA<your server's IPv4 address>")
-    if required_diff:
+    if mta_entry != mail_domain + ".":
-        out.red("Please set required DNS entries at your DNS provider:\n")
+        to_print.append(f"\tmta-sts.{mail_domain}.\tCNAME\t{mail_domain}.")
-        for line in required_diff:
+    if www_entry != mail_domain + ".":
-            out(line)
+        to_print.append(f"\twww.{mail_domain}.\tCNAME\t{mail_domain}.")
-        out("")
+    if to_print:
-        returncode = 1
+        to_print.insert(
-    if remote_data.get("dkim_entry") in required_diff:
+            0,
-        out(
+            "\nFor chatmail to work, you need to configure this at your DNS provider:\n",
            "If the DKIM entry above does not work with your DNS provider,"
            " you can try this one:\n"
        )
-        out(remote_data.get("web_dkim_entry") + "\n")
+        for line in to_print:
-    if recommended_diff:
+            print(line)
-        out("WARNING: these recommended DNS entries are not set:\n")
+        print()
-        for line in recommended_diff:
+    else:
-            out(line)
+        dns.out.green("\nAll necessary DNS entries seem to be set.")
-
+        return True
    if not (recommended_diff or required_diff):
        out.green("Great! All your DNS entries are verified and correct.")
    return returncode
--- a/cmdeploy/src/cmdeploy/dovecot/auth.conf
+++ b/cmdeploy/src/cmdeploy/dovecot/auth.conf
@@ -1,10 +1,8 @@
-uri = proxy:/run/doveauth/doveauth.socket:auth
+uri = proxy:/run/dovecot/doveauth.socket:auth
-iterate_disable = no
+iterate_disable = yes
 iterate_prefix = userdb/
 default_pass_scheme = plain
 # %E escapes characters " (double quote), ' (single quote) and \ (backslash) with \ (backslash).
-# See <https://doc.dovecot.org/2.3/configuration_manual/config_file/config_variables/#modifiers>
+# See <https://doc.dovecot.org/configuration_manual/config_file/config_variables/#modifiers>
 # for documentation.
 #
 # We escape user-provided input and use double quote as a separator.
--- a/cmdeploy/src/cmdeploy/dovecot/deployer.py
+++ b/cmdeploy/src/cmdeploy/dovecot/deployer.py
@@ -1,189 +0,0 @@
 import io
 import urllib.request
 from chatmaild.config import Config
 from pyinfra import host
 from pyinfra.facts.deb import DebPackages
 from pyinfra.facts.server import Arch, Command, Sysctl
 from pyinfra.operations import apt, files, server
 from cmdeploy.basedeploy import (
    Deployer,
    activate_remote_units,
    blocked_service_startup,
    configure_remote_units,
    is_in_container,
 )
 DOVECOT_ARCHIVE_VERSION = "2.3.21+dfsg1-3"
 DOVECOT_PACKAGE_VERSION = f"1:{DOVECOT_ARCHIVE_VERSION}"
 DOVECOT_SHA256 = {
    ("core", "amd64"): "dd060706f52a306fa863d874717210b9fe10536c824afe1790eec247ded5b27d",
    ("core", "arm64"): "e7548e8a82929722e973629ecc40fcfa886894cef3db88f23535149e7f730dc9",
    ("imapd", "amd64"): "8d8dc6fc00bbb6cdb25d345844f41ce2f1c53f764b79a838eb2a03103eebfa86",
    ("imapd", "arm64"): "178fa877ddd5df9930e8308b518f4b07df10e759050725f8217a0c1fb3fd707f",
    ("lmtpd", "amd64"): "2f69ba5e35363de50962d42cccbfe4ed8495265044e244007d7ccddad77513ab",
    ("lmtpd", "arm64"): "89f52fb36524f5877a177dff4a713ba771fd3f91f22ed0af7238d495e143b38f",
 }
 class DovecotDeployer(Deployer):
    daemon_reload = False
    def __init__(self, config, disable_mail):
        self.config = config
        self.disable_mail = disable_mail
        self.units = ["doveauth"]
    def install(self):
        arch = host.get_fact(Arch)
        with blocked_service_startup():
            debs = []
            for pkg in ("core", "imapd", "lmtpd"):
                deb, changed = _download_dovecot_package(pkg, arch)
                self.need_restart |= changed
                if deb:
                    debs.append(deb)
            if debs:
                deb_list = " ".join(debs)
                # First dpkg may fail on missing dependencies (stderr suppressed);
                # apt-get --fix-broken pulls them in, then dpkg retries cleanly.
                server.shell(
                    name="Install dovecot packages",
                    commands=[
                        f"dpkg --force-confdef --force-confold -i {deb_list} 2> /dev/null || true",
                        "DEBIAN_FRONTEND=noninteractive apt-get -y --fix-broken install",
                        f"dpkg --force-confdef --force-confold -i {deb_list}",
                    ],
                )
                self.need_restart = True
        self.put_file(
            src=io.StringIO(
                "Package: dovecot-*\n"
                "Pin: version *\n"
                "Pin-Priority: -1\n"
            ),
            dest="/etc/apt/preferences.d/pin-dovecot",
        )
    def configure(self):
        configure_remote_units(self, self.config.mail_domain, self.units)
        _configure_dovecot(self, self.config)
    def activate(self):
        activate_remote_units(self, self.units)
        # Detect stale binary: package installed but service still runs old (deleted) binary.
        if not self.disable_mail and not self.need_restart:
            stale = host.get_fact(
                Command,
                'pid=$(systemctl show -p MainPID --value dovecot.service 2>/dev/null);'
                ' [ "${pid:-0}" != "0" ] && readlink "/proc/$pid/exe" 2>/dev/null | grep -q "(deleted)"'
                " && echo STALE || true",
            )
            if stale == "STALE":
                self.need_restart = True
        active = not self.disable_mail
        self.ensure_service(
            "dovecot.service",
            running=active,
            enabled=active,
        )
 def _pick_url(primary, fallback):
    try:
        req = urllib.request.Request(primary, method="HEAD")
        urllib.request.urlopen(req, timeout=10)
        return primary
    except Exception:
        return fallback
 def _download_dovecot_package(package: str, arch: str) -> tuple[str | None, bool]:
    """Download a dovecot .deb if needed, return (path, changed)."""
    arch = "amd64" if arch == "x86_64" else arch
    arch = "arm64" if arch == "aarch64" else arch
    pkg_name = f"dovecot-{package}"
    sha256 = DOVECOT_SHA256.get((package, arch))
    if sha256 is None:
        op = apt.packages(packages=[pkg_name])
        return None, bool(getattr(op, "changed", False))
    installed_versions = host.get_fact(DebPackages).get(pkg_name, [])
    if DOVECOT_PACKAGE_VERSION in installed_versions:
        return None, False
    url_version = DOVECOT_ARCHIVE_VERSION.replace("+", "%2B")
    deb_base = f"{pkg_name}_{url_version}_{arch}.deb"
    primary_url = f"https://download.delta.chat/dovecot/{deb_base}"
    fallback_url = f"https://github.com/chatmail/dovecot/releases/download/upstream%2F{url_version}/{deb_base}"
    url = _pick_url(primary_url, fallback_url)
    deb_filename = f"/root/{deb_base}"
    files.download(
        name=f"Download {pkg_name}",
        src=url,
        dest=deb_filename,
        sha256sum=sha256,
        cache_time=60 * 60 * 24 * 365 * 10,  # never redownload the package
    )
    return deb_filename, True
 def _configure_dovecot(deployer, config: Config, debug: bool = False):
    """Configures Dovecot IMAP server."""
    deployer.put_template(
        "dovecot/dovecot.conf.j2",
        "/etc/dovecot/dovecot.conf",
        config=config,
        debug=debug,
        disable_ipv6=config.disable_ipv6,
    )
    deployer.put_file("dovecot/auth.conf", "/etc/dovecot/auth.conf")
    deployer.put_file(
        "dovecot/push_notification.lua", "/etc/dovecot/push_notification.lua"
    )
    # as per https://doc.dovecot.org/2.3/configuration_manual/os/
    # it is recommended to set the following inotify limits
    can_modify = not is_in_container()
    for name in ("max_user_instances", "max_user_watches"):
        key = f"fs.inotify.{name}"
        value = host.get_fact(Sysctl).get(key, 0)
        if value > 65534:
            continue
        if not can_modify:
            print(
                "\n!!!! refusing to attempt sysctl setting in containers\n"
                f"!!!! dovecot: sysctl {key!r}={value}, should be >65534 for production setups\n"
                "!!!!"
            )
            continue
        server.sysctl(
            name=f"Change {key}",
            key=key,
            value=65535,
            persist=True,
        )
    deployer.ensure_line(
        name="Set TZ environment variable",
        path="/etc/environment",
        line="TZ=:/etc/localtime",
    )
    deployer.put_file(
        "service/10_restart_on_failure.conf",
        "/etc/systemd/system/dovecot.service.d/10_restart.conf",
    )
    # Validate dovecot configuration before restart
    if deployer.need_restart:
        server.shell(
            name="Validate dovecot configuration",
            commands=["doveconf -n >/dev/null"],
        )
--- a/cmdeploy/src/cmdeploy/dovecot/dovecot.conf.j2
+++ b/cmdeploy/src/cmdeploy/dovecot/dovecot.conf.j2
@@ -1,9 +1,5 @@
 ## Dovecot configuration file
 {% if disable_ipv6 %}
 listen = 0.0.0.0
 {% endif %}
 protocols = imap lmtp
 auth_mechanisms = plain
@@ -17,41 +13,15 @@ auth_cache_size = 100M
 mail_debug = yes
 {% endif %}
 # Prevent warnings similar to:
 #   config: Warning: service auth { client_limit=1000 } is lower than required under max. load (10200). Counted for protocol services with service_count != 1: service lmtp { process_limit=100 } + service imap-urlauth-login { process_limit=100 } + service imap-login { process_limit=10000 }
 #   config: Warning: service anvil { client_limit=1000 } is lower than required under max. load (10103). Counted with: service imap-urlauth-login { process_limit=100 } + service imap-login { process_limit=10000 } + service auth { process_limit=1 }
 #   master: Warning: service(stats): client_limit (1000) reached, client connections are being dropped
 default_client_limit = 20000
 # Increase number of logged in IMAP connections.
 # Each connection is handled by a separate `imap` process.
 # `imap` process should have `client_limit=1` as described in
 # <https://doc.dovecot.org/2.3/configuration_manual/service_configuration/#service-limits>
 # so each logged in IMAP session will need its own `imap` process.
 #
 # If this limit is reached,
 # users will fail to LOGIN as `imap-login` process
 # will accept them logging in but fail to transfer logged in
 # connection to `imap` process until someone logs out and
 # the following warning will be logged:
 #   Warning: service(imap): process_limit (1024) reached, client connections are being dropped
 service imap {
  process_limit = 50000
 }
 mail_server_admin = mailto:root@{{ config.mail_domain }}
 mail_server_comment = Chatmail server
-# `zlib` enables compressing messages stored in the maildir.
+mail_plugins = quota
 # See
 # <https://doc.dovecot.org/2.3/configuration_manual/zlib_plugin/>
 # for documentation.
 #
 # quota plugin documentation:
 # <https://doc.dovecot.org/2.3/configuration_manual/quota_plugin/>
 mail_plugins = zlib quota
-imap_capability = +XDELTAPUSH XCHATMAIL
+# these are the capabilities Delta Chat cares about actually 
 # so let's keep the network overhead per login small
 # https://github.com/deltachat/deltachat-core-rust/blob/master/src/imap/capabilities.rs
 imap_capability = IMAP4rev1 IDLE MOVE QUOTA CONDSTORE NOTIFY METADATA
 # Authentication for system users.
@@ -68,13 +38,7 @@ userdb {
 ##
 # Mailboxes are stored in the "mail" directory of the vmail user home.
-mail_location = maildir:{{ config.mailboxes_dir }}/%u
+mail_location = maildir:/home/vmail/mail/%d/%u
 # index/cache files are not very useful for chatmail relay operations 
 # but it's not clear how to disable them completely. 
 # According to https://doc.dovecot.org/2.3/settings/advanced/#core_setting-mail_cache_max_size
 # if the cache file becomes larger than the specified size, it is truncated by dovecot 
 mail_cache_max_size = 500K
 namespace inbox {
  inbox = yes
@@ -107,41 +71,15 @@ mail_privileged_group = vmail
 ## Mail processes
 ##
-# Pass all IMAP METADATA requests to the server implementing Dovecot's dict protocol.
+# Enable IMAP COMPRESS (RFC 4978).
 mail_attribute_dict = proxy:/run/chatmail-metadata/metadata.socket:metadata
 # `imap_zlib` enables IMAP COMPRESS (RFC 4978).
 # <https://datatracker.ietf.org/doc/html/rfc4978.html>
 protocol imap {
-  mail_plugins = $mail_plugins imap_quota last_login {% if config.imap_compress %}imap_zlib{% endif %}
+  mail_plugins = $mail_plugins imap_zlib imap_quota
  imap_metadata = yes
 }
 plugin {
  last_login_dict = proxy:/run/chatmail-lastlogin/lastlogin.socket:lastlogin
  #last_login_key = last-login/%u # default
  last_login_precision = s
 }
 protocol lmtp {
-  # notify plugin is a dependency of push_notification plugin:
+  mail_plugins = $mail_plugins quota
  # <https://doc.dovecot.org/2.3/settings/plugin/notify-plugin/>
  #
  # push_notification plugin documentation:
  # <https://doc.dovecot.org/2.3/configuration_manual/push_notification/>
  #
  # mail_lua and push_notification_lua are needed for Lua push notification handler.
  # <https://doc.dovecot.org/2.3/configuration_manual/push_notification/#configuration>
  mail_plugins = $mail_plugins mail_lua notify push_notification push_notification_lua
  # Disable fsync for LMTP. May lose delivered message,
  # but unlikely to cause problems with multiple relays.
  # https://doc.dovecot.org/2.3/admin_manual/mailbox_formats/#fsyncing
  mail_fsync = never
 }
 plugin {
  zlib_save = gz
 }
 plugin {
@@ -149,33 +87,15 @@ plugin {
 }
 plugin {
  # for now we define static quota-rules for all users 
  quota = maildir:User quota
-  quota_max_mail_size={{ config.max_message_size }}
+  quota_rule = *:storage={{ config.max_mailbox_size }}
  quota_max_mail_size=30M
  quota_grace = 0
-
+  # quota_over_flag_value = TRUE
  quota_rule = *:storage={{ config.max_mailbox_size_mb }}M
  # Trigger at 75%% of quota, expire oldest messages down to 70%%.
  # The percentages are chosen to prevent current Delta Chat users
  # from seeing "quota warnings" which trigger at 80% and 95%.
  quota_warning = storage=75%% quota-warning {{ config.max_mailbox_size_mb * 70 // 100 }} {{ config.mailboxes_dir }}/%u
 }
 service quota-warning {
  executable = script /usr/local/lib/chatmaild/venv/bin/chatmail-quota-expire
  user = vmail
  unix_listener quota-warning {
     user = vmail
     mode = 0600
  }
 }
 # push_notification configuration
 plugin {
  # <https://doc.dovecot.org/2.3/configuration_manual/push_notification/#lua-lua>
  push_notification_driver = lua:file=/etc/dovecot/push_notification.lua
 }
 service lmtp {
  user=vmail
@@ -187,8 +107,6 @@ service lmtp {
  }
 }
 lmtp_add_received_header = no
 service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
@@ -204,253 +122,26 @@ service auth-worker {
 }
 service imap-login {
-    # High-performance mode as described in
+    # High-security mode.
-    # <https://doc.dovecot.org/2.3/admin_manual/login_processes/#high-performance-mode>
+    # Each process serves a single connection and exits afterwards.
-    #
+    # This is the default, but we set it explicitly to be sure.
-    # So-called high-security mode described in
+    # See <https://doc.dovecot.org/admin_manual/login_processes/#high-security-mode> for details.
-    # <https://doc.dovecot.org/2.3/admin_manual/login_processes/#high-security-mode>
+    service_count = 1
    # and enabled by default with `service_count = 1` starts one process per connection
    # and has problems logging in thousands of users after Dovecot restart.
    service_count = 0
-    # Increase virtual memory size limit.
+    # Inrease the number of simultaneous connections.
    # Since imap-login processes handle TLS connections
    # even after logging users in
    # and many connections are handled by each process,
    # memory size limit should be increased.
    #
-    # Otherwise the whole process eventually dies
+    # As of Dovecot 2.3.19.1 the default is 100 processes.
-    # with an error similar to
+    # Combined with `service_count = 1` it means only 100 connections
-    #   imap-login: Fatal: master: service(imap-login):
+    # can be handled simultaneously.
-    #   child 1422951 returned error 83
+    process_limit = 10000
    #   (Out of memory (service imap-login { vsz_limit=256 MB },
    #    you may need to increase it)
    # and takes down all its TLS connections at once.
    vsz_limit = 1G
    # Avoid startup latency for new connections.
    #
    # Should be set to at least the number of CPU cores
    # according to the documentation.
    process_min_avail = 10
 }
 service anvil {
    # We are disabling anvil penalty on failed login attempts
    # because it can only detect brute forcing by IP address
    # not by username. As the correct IP address is not handed
    # to dovecot anyway, it is more of hindrance than of use.
    # See <https://www.dovecot.org/list/dovecot/2012-May/135485.html> for details.
    unix_listener anvil-auth-penalty {
        mode = 0
    }
 }
 ssl = required
-ssl_cert = <{{ config.tls_cert_path }}
+ssl_cert = </var/lib/acme/live/{{ config.mail_domain }}/fullchain
-ssl_key = <{{ config.tls_key_path }}
+ssl_key = </var/lib/acme/live/{{ config.mail_domain }}/privkey
 ssl_dh = </usr/share/dovecot/dh.pem
-ssl_min_protocol = TLSv1.3
+ssl_min_protocol = TLSv1.2
 ssl_prefer_server_ciphers = yes
 {% if config.imap_rawlog %}
 service postlogin {
  executable = script-login -d rawlog
  unix_listener postlogin {
 }  
 } 
 service imap {
  executable = imap postlogin 
 } 
 protocol imap { 
  #rawlog_dir = /tmp/rawlog/%u
  # Put .in and .out imap protocol logging files into per-user homedir 
  # You can use a command like this to combine into one protocol stream:
  # sort -sn <(sed 's/ / C: /' *.in) <(sed 's/ / S: /' cat *.out)
  rawlog_dir = %h 
  # Disable fsync for IMAP. May lose IMAP changes like setting flags. 
  mail_fsync = never
 } 
 {% endif %}
 {% if not config.imap_compress %}
 # Hibernate IDLE users to save memory and CPU resources
 # NOTE: this will have no effect if imap_zlib plugin is used
 imap_hibernate_timeout = 30s
 service imap {
  # Note that this change will allow any process running as
  # $default_internal_user (dovecot) to access mails as any other user.
  # This may be insecure in some installations, which is why this isn't
  # done by default.
  unix_listener imap-master {
    user = $default_internal_user
  }
 }
 # The following is the default already in v2.3.1+:
 service imap {
  extra_groups = $default_internal_group
 }
 service imap-hibernate {
  unix_listener imap-hibernate {
    mode = 0660
    group = $default_internal_group
  }
 }
 {% endif %}
 {% if config.mtail_address %}
 #
 # Dovecot Statistics
 #
 # OpenMetrics endpoint at http://{{- config.mtail_address}}:3904/metrics
 service stats {
  inet_listener http {
    port = 3904
    address = {{- config.mtail_address}}
  }
 }
 # IMAP Command Metrics
 # - Bytes in/out for compression efficiency analysis
 # - Lock wait time for contention debugging
 # - Grouped by command name and reply state
 metric imap_command {
  filter = event=imap_command_finished
  fields = bytes_in bytes_out lock_wait_usecs running_usecs
  group_by = cmd_name tagged_reply_state
 }
 # Duration buckets for latency histograms (base 10: 10us, 100us, 1ms, 10ms, 100ms, 1s, 10s, 100s)
 metric imap_command_duration {
  filter = event=imap_command_finished
  group_by = cmd_name duration:exponential:1:8:10
 }
 # Slow command outliers (>1 second = 1000000 usecs)
 # Useful for alerting without high cardinality
 metric imap_command_slow {
  filter = event=imap_command_finished AND duration>1000000 AND NOT cmd_name=IDLE
  group_by = cmd_name
 }
 # IDLE-specific Metrics
 metric imap_idle {
  filter = event=imap_command_finished AND cmd_name=IDLE
  fields = bytes_in bytes_out running_usecs
  group_by = tagged_reply_state
 }
 metric imap_idle_duration {
  filter = event=imap_command_finished AND cmd_name=IDLE
  # Base 10: 100ms to 27h (covers short wakeups to long idle sessions)
  group_by = duration:exponential:5:11:10
 }
 metric imap_idle_commands {
  filter = event=imap_command_finished AND cmd_name=IDLE
  group_by = tagged_reply_state
 }
 metric imap_idle_failed {
  filter = event=imap_command_finished AND cmd_name=IDLE AND NOT tagged_reply_state=OK
 }
 # Hibernation Metrics (requires imap_hibernate_timeout)
 metric imap_hibernated {
  filter = event=imap_client_hibernated
 }
 metric imap_hibernated_failed {
  filter = event=imap_client_hibernated AND error=*
 }
 metric imap_unhibernated {
  filter = event=imap_client_unhibernated
  fields = hibernation_usecs
 }
 metric imap_unhibernated_reason {
  filter = event=imap_client_unhibernated
  group_by = reason
  fields = hibernation_usecs
 }
 metric imap_unhibernated_reason_sleep {
  filter = event=imap_client_unhibernated
  group_by = reason hibernation_usecs:exponential:4:8:10
 }
 metric imap_unhibernated_failed {
  filter = event=imap_client_unhibernated AND error=*
 }
 # Hibernation duration buckets (how long clients stayed hibernated)
 # Base 10: 100ms to 27h
 metric imap_hibernation_duration {
  filter = event=imap_client_unhibernated
  group_by = reason duration:exponential:5:11:10
 }
 # Authentication / Login Metrics
 metric auth_request {
  filter = event=auth_request_finished
  group_by = success
 }
 metric auth_request_duration {
  filter = event=auth_request_finished
  group_by = success duration:exponential:2:6:10
 }
 metric auth_failed {
  filter = event=auth_request_finished AND success=no
 }
 # Passdb cache effectiveness
 metric auth_passdb {
  filter = event=auth_passdb_request_finished
  group_by = result cache
 }
 # Master login (post-auth userdb lookup)
 metric auth_master_login {
  filter = event=auth_master_client_login_finished
 }
 metric auth_master_login_failed {
  filter = event=auth_master_client_login_finished AND error=*
 }
 # Mail Delivery (LMTP) - affects IDLE wakeup latency
 metric mail_delivery {
  filter = event=mail_delivery_finished
 }
 metric mail_delivery_duration {
  filter = event=mail_delivery_finished
  group_by = duration:exponential:3:7:10
 }
 metric mail_delivery_failed {
  filter = event=mail_delivery_finished AND error=*
 }
 # Connection Events
 metric client_connected {
  filter = event=client_connection_connected AND category="service:imap"
 }
 metric client_disconnected {
  filter = event=client_connection_disconnected AND category="service:imap"
  fields = bytes_in bytes_out
 }
 {% endif %}
--- a/cmdeploy/src/cmdeploy/dovecot/expunge.cron.j2
+++ b/cmdeploy/src/cmdeploy/dovecot/expunge.cron.j2
@@ -0,0 +1,10 @@
 # delete all mails after {{ config.delete_mails_after }} days, in the Inbox
 2 0 * * * vmail find /home/vmail/mail/{{ config.mail_domain }} -path '*/cur/*' -mtime +{{ config.delete_mails_after }} -type f -delete
 # or in any IMAP subfolder
 2 0 * * * vmail find /home/vmail/mail/{{ config.mail_domain }} -path '*/.*/cur/*' -mtime +{{ config.delete_mails_after }} -type f -delete
 # even if they are unseen
 2 0 * * * vmail find /home/vmail/mail/{{ config.mail_domain }} -path '*/new/*' -mtime +{{ config.delete_mails_after }} -type f -delete
 2 0 * * * vmail find /home/vmail/mail/{{ config.mail_domain }} -path '*/.*/new/*' -mtime +{{ config.delete_mails_after }} -type f -delete
 # or only temporary (but then they shouldn't be around after {{ config.delete_mails_after }} days anyway).
 2 0 * * * vmail find /home/vmail/mail/{{ config.mail_domain }} -path '*/tmp/*' -mtime +{{ config.delete_mails_after }} -type f -delete
 2 0 * * * vmail find /home/vmail/mail/{{ config.mail_domain }} -path '*/.*/tmp/*' -mtime +{{ config.delete_mails_after }} -type f -delete
--- a/cmdeploy/src/cmdeploy/dovecot/push_notification.lua
+++ b/cmdeploy/src/cmdeploy/dovecot/push_notification.lua
@@ -1,19 +0,0 @@
 function dovecot_lua_notify_begin_txn(user)
  return user
 end
 function dovecot_lua_notify_event_message_new(user, event)
  local mbox = user:mailbox(event.mailbox)
  mbox:sync()
  if user.username ~= event.from_address then
    -- Incoming message
    -- Notify METADATA server about new message.
    mbox:metadata_set("/private/messagenew", "")
  end
  mbox:free()
 end
 function dovecot_lua_notify_end_txn(ctx, success)
 end
--- a/cmdeploy/src/cmdeploy/external/deployer.py
+++ b/cmdeploy/src/cmdeploy/external/deployer.py
@@ -1,44 +0,0 @@
 from pyinfra import host
 from pyinfra.facts.files import File
 from ..basedeploy import Deployer
 class ExternalTlsDeployer(Deployer):
    """Expects TLS certificates to be managed on the server.
    Validates that the configured certificate and key files
    exist on the remote host.  Installs a systemd path unit
    that watches the certificate file and automatically
    restarts/reloads affected services when it changes.
    """
    def __init__(self, cert_path, key_path):
        self.cert_path = cert_path
        self.key_path = key_path
    def configure(self):
        # Verify cert and key exist on the remote host using pyinfra facts.
        for path in (self.cert_path, self.key_path):
                if host.get_fact(File, path=path) is None:
                    raise Exception(f"External TLS file not found on server: {path}")
        self.ensure_systemd_unit(
            "external/tls-cert-reload.path.j2",
            cert_path=self.cert_path,
        )
        self.ensure_systemd_unit(
            "external/tls-cert-reload.service",
        )
    def activate(self):
        # No explicit reload needed here: dovecot/nginx read the cert
        # on startup, and the .path watcher handles live changes.
        self.ensure_service(
            "tls-cert-reload.path",
            running=True,
            enabled=True,
        )
--- a/cmdeploy/src/cmdeploy/external/tls-cert-reload.path.j2
+++ b/cmdeploy/src/cmdeploy/external/tls-cert-reload.path.j2
@@ -1,15 +0,0 @@
 # Watch the TLS certificate file for changes.
 # When the cert is updated (e.g. renewed by an external process),
 # this triggers tls-cert-reload.service to reload the affected services.
 #
 # NOTE: changes to the certificates are not detected if they cross bind-mount boundaries. 
 # After cert renewal, you must then trigger the reload explicitly:
 #   systemctl start tls-cert-reload.service
 [Unit]
 Description=Watch TLS certificate for changes
 [Path]
 PathChanged={{ cert_path }}
 [Install]
 WantedBy=multi-user.target
--- a/cmdeploy/src/cmdeploy/external/tls-cert-reload.service
+++ b/cmdeploy/src/cmdeploy/external/tls-cert-reload.service
@@ -1,15 +0,0 @@
 # Reload services that cache the TLS certificate.
 #
 # dovecot: caches the cert at startup; reload re-reads SSL certs
 #          without dropping existing connections.
 # nginx:   caches the cert at startup; reload gracefully picks up
 #          the new cert for new connections.
 # postfix: reads the cert fresh on each TLS handshake,
 #          does NOT need a reload/restart.
 [Unit]
 Description=Reload TLS services after certificate change
 [Service]
 Type=oneshot
 ExecStart=/bin/systemctl try-reload-or-restart dovecot
 ExecStart=/bin/systemctl try-reload-or-restart nginx
--- a/cmdeploy/src/cmdeploy/filtermail/deployer.py
+++ b/cmdeploy/src/cmdeploy/filtermail/deployer.py
@@ -1,40 +0,0 @@
 import os
 from pyinfra import facts, host
 from cmdeploy.basedeploy import Deployer
 class FiltermailDeployer(Deployer):
    services = ["filtermail", "filtermail-incoming", "filtermail-transport"]
    bin_path = "/usr/local/bin/filtermail"
    config_path = "/usr/local/lib/chatmaild/chatmail.ini"
    def install(self):
        local_bin = os.environ.get("CHATMAIL_FILTERMAIL_BINARY")
        if local_bin:
            self.put_executable(
                src=local_bin,
                dest=self.bin_path,
            )
            return
        arch = host.get_fact(facts.server.Arch)
        url = f"https://github.com/chatmail/filtermail/releases/download/v0.6.4/filtermail-{arch}"
        sha256sum = {
            "x86_64": "5295115952c72e4c4ec3c85546e094b4155a4c702c82bd71fcdcb744dc73adf6",
            "aarch64": "6892244f17b8f26ccb465766e96028e7222b3c8adefca9fc6bfe9ff332ca8dff",
        }[arch]
        self.download_executable(url, self.bin_path, sha256sum)
    def configure(self):
        for service in self.services:
            self.ensure_systemd_unit(
                f"filtermail/{service}.service.j2",
                bin_path=self.bin_path,
                config_path=self.config_path,
            )
    def activate(self):
        for service in self.services:
            self.ensure_service(f"{service}.service")
--- a/cmdeploy/src/cmdeploy/filtermail/filtermail-incoming.service.j2
+++ b/cmdeploy/src/cmdeploy/filtermail/filtermail-incoming.service.j2
@@ -1,11 +0,0 @@
 [Unit]
 Description=Incoming Chatmail Postfix before queue filter 
 [Service]
 ExecStart={{ bin_path }} {{ config_path }} incoming
 Restart=always
 RestartSec=30
 User=vmail
 [Install]
 WantedBy=multi-user.target
--- a/cmdeploy/src/cmdeploy/filtermail/filtermail-transport.service.j2
+++ b/cmdeploy/src/cmdeploy/filtermail/filtermail-transport.service.j2
@@ -1,11 +0,0 @@
 [Unit]
 Description=Chatmail transport service
 [Service]
 ExecStart={{ bin_path }} {{ config_path }} transport
 Restart=always
 RestartSec=30
 User=vmail
 [Install]
 WantedBy=multi-user.target
--- a/cmdeploy/src/cmdeploy/filtermail/filtermail.service.j2
+++ b/cmdeploy/src/cmdeploy/filtermail/filtermail.service.j2
@@ -1,11 +0,0 @@
 [Unit]
 Description=Outgoing Chatmail Postfix before queue filter
 [Service]
 ExecStart={{ bin_path }} {{ config_path }} outgoing
 Restart=always
 RestartSec=30
 User=vmail
 [Install]
 WantedBy=multi-user.target
--- a/cmdeploy/src/cmdeploy/genqr.py
+++ b/cmdeploy/src/cmdeploy/genqr.py
@@ -1,9 +1,8 @@
 import importlib
 import io
 import os
 import qrcode
-from PIL import Image, ImageDraw, ImageFont
+import os
 from PIL import ImageFont, ImageDraw, Image
 import io
 def gen_qr_png_data(maildomain):
--- a/cmdeploy/src/cmdeploy/iroh-relay.service
+++ b/cmdeploy/src/cmdeploy/iroh-relay.service
@@ -1,12 +0,0 @@
 [Unit]
 Description=Iroh relay
 [Service]
 ExecStart=/usr/local/bin/iroh-relay --config-path /etc/iroh-relay.toml
 Restart=on-failure
 RestartSec=5s
 User=iroh
 Group=iroh
 [Install]
 WantedBy=multi-user.target
--- a/cmdeploy/src/cmdeploy/iroh-relay.toml
+++ b/cmdeploy/src/cmdeploy/iroh-relay.toml
@@ -1,11 +0,0 @@
 enable_relay = true
 http_bind_addr = "[::]:3340"
 # Disable built-in STUN server in iroh-relay 0.35
 # as we deploy our own TURN server instead.
 # STUN server is going to be removed in iroh-relay 1.0
 # and this line can be removed after upgrade.
 enable_stun = false
 enable_metrics = false
 metrics_bind_addr = "127.0.0.1:9092"
--- a/cmdeploy/src/cmdeploy/journald.conf
+++ b/cmdeploy/src/cmdeploy/journald.conf
@@ -1,3 +1,2 @@
 [Journal]
 MaxRetentionSec=3d
 Storage=volatile
--- a/cmdeploy/src/cmdeploy/metrics.cron.j2
+++ b/cmdeploy/src/cmdeploy/metrics.cron.j2
@@ -0,0 +1 @@
 */5 * * * * root {{ config.execpath }} /home/vmail/mail/{{ config.mail_domain }} >/var/www/html/metrics
--- a/cmdeploy/src/cmdeploy/mtail/delivered_mail.mtail
+++ b/cmdeploy/src/cmdeploy/mtail/delivered_mail.mtail
@@ -1,88 +0,0 @@
 counter delivered_mail
 /saved mail to INBOX$/ {
  delivered_mail++
 }
 counter quota_exceeded
 /Quota exceeded \(mailbox for user is full\)$/ {
  quota_exceeded++
 }
 # Essentially the number of outgoing messages.
 counter dkim_signed
 /DKIM-Signature field added/ {
  dkim_signed++
 }
 counter created_accounts
 counter created_ci_accounts
 counter created_nonci_accounts
 /: Created address: (?P<addr>.*)$/ {
  created_accounts++
  $addr =~ /ci-/ {
    created_ci_accounts++
  } else {
    created_nonci_accounts++
  }
 }
 counter postfix_timeouts
 /timeout after DATA/ {
  postfix_timeouts++
 }
 counter postfix_noqueue
 /postfix\/.*NOQUEUE/ {
  postfix_noqueue++
 }
 counter warning_count
 /warning/ {
  warning_count++
 }
 counter filtered_outgoing_mail_count
 counter outgoing_encrypted_mail_count
 /Outgoing: Filtering encrypted mail\./ {
  outgoing_encrypted_mail_count++
  filtered_outgoing_mail_count++
 }
 counter outgoing_unencrypted_mail_count
 /Outgoing: Filtering unencrypted mail\./ {
  outgoing_unencrypted_mail_count++
  filtered_outgoing_mail_count++
 }
 counter filtered_incoming_mail_count
 counter incoming_encrypted_mail_count
 /Incoming: Filtering encrypted mail\./ {
  incoming_encrypted_mail_count++
  filtered_incoming_mail_count++
 }
 counter incoming_unencrypted_mail_count
 /Incoming: Filtering unencrypted mail\./ {
  incoming_unencrypted_mail_count++
  filtered_incoming_mail_count++
 }
 counter rejected_unencrypted_mail_count
 /Rejected unencrypted mail/ {
  rejected_unencrypted_mail_count++
 }
 counter quota_expire_runs
 counter quota_expire_removed_files
 /quota-expire: removed (?P<count>\d+) message\(s\)/ {
  quota_expire_runs++
  quota_expire_removed_files += $count
 }
--- a/cmdeploy/src/cmdeploy/mtail/deployer.py
+++ b/cmdeploy/src/cmdeploy/mtail/deployer.py
@@ -1,44 +0,0 @@
 from pyinfra import facts, host
 from pyinfra.operations import apt
 from cmdeploy.basedeploy import Deployer
 class MtailDeployer(Deployer):
    def __init__(self, mtail_address):
        self.mtail_address = mtail_address
    def install(self):
        # Uninstall mtail package to install a static binary.
        apt.packages(name="Uninstall mtail", packages=["mtail"], present=False)
        (url, sha256sum) = {
            "x86_64": (
                "https://github.com/google/mtail/releases/download/v3.0.8/mtail_3.0.8_linux_amd64.tar.gz",
                "d55cb601049c5e61eabab29998dbbcea95d480e5448544f9470337ba2eea882e",
            ),
            "aarch64": (
                "https://github.com/google/mtail/releases/download/v3.0.8/mtail_3.0.8_linux_arm64.tar.gz",
                "f748db8ad2a1e0b63684d4c8868cf6a373a20f7e6922e5ece601fff0ee00eb1a",
            ),
        }[host.get_fact(facts.server.Arch)]
        self.download_executable(
            url,
            "/usr/local/bin/mtail",
            sha256sum,
            extract="gunzip | tar -xf - mtail -O",
        )
    def configure(self):
        # Using our own systemd unit instead of `/usr/lib/systemd/system/mtail.service`.
        # This allows to read from journalctl instead of log files.
        self.ensure_systemd_unit(
            "mtail/mtail.service.j2",
            address=self.mtail_address or "127.0.0.1",
            port=3903,
        )
        self.put_file("mtail/delivered_mail.mtail", "/etc/mtail/delivered_mail.mtail")
    def activate(self):
        active = bool(self.mtail_address)
        self.ensure_service("mtail.service", running=active, enabled=active)
--- a/cmdeploy/src/cmdeploy/mtail/mtail.service.j2
+++ b/cmdeploy/src/cmdeploy/mtail/mtail.service.j2
@@ -1,13 +0,0 @@
 [Unit]
 Description=mtail
 After=network-online.target
 Wants=network-online.target
 [Service]
 Type=simple
 ExecStart=/bin/sh -c "journalctl -f -o short-iso -n 0 | /usr/local/bin/mtail --address={{ address }} --port={{ port }} --progs /etc/mtail --logtostderr --logs -"
 Restart=on-failure
 RestartSec=2s
 [Install]
 WantedBy=multi-user.target
--- a/Show More
+++ b/Show More
`@@ -1,2 +1,2 @@`
	`"acme-enter-email": "{{ email }}"`	`"acme-enter-email": "{{ email }}"`
	`"acme-agreement:https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf": true`	`"acme-agreement:https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf": true`
		`@@ -0,0 +1 @@`
							`/5 * * * root {{ config.execpath }} /home/vmail/mail/{{ config.mail_domain }} >/var/www/html/metrics`